ESPHome

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The audit identifies an indirect prompt injection surface (Category 8) in the skill's Arduino-to-ESPHome conversion guide (references/arduino-conversion.md). Ingestion points: User-provided GitHub repository URLs for project analysis. Boundary markers: Absent in the conversion logic. Capability inventory: Filesystem write access for generating and saving configuration files. Sanitization: Absent. Malicious content within an analyzed repository could contain instructions designed to manipulate the AI agent's configuration generation or behavior.
  • [EXTERNAL_DOWNLOADS]: Documentation and templates (e.g., references/external-components.md, assets/templates/ble-presence.yaml) facilitate and document the use of ESPHome's 'external_components' feature. This feature downloads and integrates code from various third-party community GitHub repositories during the firmware compilation process.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 09:34 AM