homey-cli
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on a local script `run.sh` to execute all hub operations. Since the script's content is not provided, its behavior and safety cannot be statically verified.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The setup instructions include `npm install`, which downloads third-party dependencies from the NPM registry. Without a visible manifest (`package.json`) or integrity hashes, this introduces a supply chain risk.
- [CREDENTIALS_UNSAFE] (LOW): The skill instructs users to store OAuth Client Secrets in environment variables and saves authentication tokens in the user's home directory (`~/.config/homey-cli/`).
- [PROMPT_INJECTION] (LOW): The skill is potentially vulnerable to indirect prompt injection by processing natural language queries into hardware control commands.
  1. Ingestion point: User natural language queries for device control.
  2. Boundary markers: Absent.
  3. Capability inventory: Supports device state changes, dimming, and triggering flows.
  4. Sanitization: The documentation mentions capability allowlisting, but this cannot be verified without the script source.
Audit Metadata