Home Assistant YAML
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of generating executable logic based on external data.
  - Ingestion points: The skill generates Home Assistant automations that process data from potentially untrusted external sources, such as weather sensors, energy price APIs, and calendar events.
  - Boundary markers: The instructions do not explicitly mandate the use of delimiters or 'ignore embedded instructions' warnings for external data interpolation within the generated YAML.
  - Capability inventory: Generated automations have significant capabilities, including executing arbitrary shell commands (shell_command), performing REST API calls, and controlling physical security devices (locks, alarms).
  - Sanitization: While the skill includes a security section advising users to validate shell command inputs, it does not provide automated sanitization logic for the generated code.
- [EXTERNAL_DOWNLOADS]: The documentation (specifically in `references/custom-components.md`) provides users with instructions to install the Home Assistant Community Store (HACS) using a piped shell command: `wget -O - https://get.hacs.xyz | bash -`. Although HACS is a de-facto standard in the community, this method of installation is inherently risky as it executes remote scripts directly in the shell.
- [COMMAND_EXECUTION]: The skill's operational flow in `SKILL.md` explicitly instructs the AI agent to save generated configuration files to the user's current working directory. This involves filesystem write operations, which, while central to the skill's purpose, should be monitored by the user.