home-assistant-automation
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill definition in `SKILL.md` contains strict behavioral constraints (the "Iron Law") that override the agent's default response patterns. It mandates a specific workflow where the agent must ask multiple clarifying questions before generating any code.
- [EXTERNAL_DOWNLOADS]: Reference documentation files (`references/custom-components.md` and `references/integrations-ai-llm.md`) include instructions for users to download and execute setup scripts from external domains like `hacs.xyz` and `ollama.com`. These are well-known services within the home automation and AI communities.
- [COMMAND_EXECUTION]: The skill facilitates the generation of Home Assistant configurations that may include potentially dangerous components such as `shell_command` or `rest_command`. While `SKILL.md` correctly advises the agent to warn users about input validation for these components, there is a risk of indirect prompt injection if a user request leads to the generation of malicious system commands.
Audit Metadata