ESPHome
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill instructions (SKILL.md) establish an 'Iron Law' requiring hardware confirmation before generating configurations, which prevents the creation of incompatible or unstable firmware for the user's specific devices.
- [SAFE]: The skill implements strict data handling protocols, explicitly forbidding the AI from creating, reading, or modifying
secrets.yamlfiles and mandating the use of!secrettags for all credentials. - [SAFE]: A dedicated security hardening guide (
references/security-hardening.md) is provided to ensure users are prompted to enable API encryption, set OTA passwords, and follow network isolation best practices. - [EXTERNAL_DOWNLOADS]: The skill documentation and templates reference various community-maintained ESPHome components hosted on GitHub (e.g., for specialized hardware like Victron MPPT or JK-BMS). While these are external dependencies, they are standard in the ESPHome ecosystem for microcontroller firmware and do not execute on the agent's host machine.
Audit Metadata