Home Assistant YAML

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing well-known community integrations and tools from their official sources. These include the installation of HACS (Home Assistant Community Store) and the Ollama AI tool using their respective official setup scripts. These are established services within the Home Assistant ecosystem and the references are documented neutrally.
  • [PROMPT_INJECTION]: The skill has an inherent attack surface for indirect prompt injection as it processes user requirements to generate complex Home Assistant YAML code.
    • Ingestion points: User requests for Home Assistant YAML configuration and automation logic enter the agent context (SKILL.md).
    • Boundary markers: Absent. However, the skill includes strong instructions to the agent to clarify user intent and verify entity names before generating output (SKILL.md).
    • Capability inventory: The skill can generate YAML that uses services like shell_command, rest_command, and mqtt.publish which can execute shell commands or transmit data (references/automations.md, references/integrations-mqtt.md).
    • Sanitization: Present. System instructions explicitly tell the agent to warn about input validation in shell commands and to use the !secret directive for all credentials and sensitive data (SKILL.md).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 17, 2026, 08:27 AM