Node-RED
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill identifies an attack surface where data from Home Assistant entities (untrusted input) is ingested into automation logic. \n
- Ingestion points: Home Assistant states are accessed via
global.get("homeassistant").homeAssistant.statesand various trigger nodes (e.g.,trigger-state,events-state) as documented inSKILL.mdandreferences/function-nodes.md. \n - Boundary markers: No explicit boundary markers are enforced within the provided JSON templates. \n
- Capability inventory: The skill utilizes powerful capabilities including
api-call-service(Home Assistant service calls),http request(outbound network requests), andha-api(direct API access) as seen inSKILL.mdand thereferences/directory. \n - Sanitization: The
references/security.mdfile provides clear instructions on sanitizing entity IDs and validating incoming payloads to prevent injection attacks. \n- [DYNAMIC_EXECUTION]: The skill facilitates the creation offunctionnodes that execute JavaScript at runtime, which is a core feature of the Node-RED platform. \n - Evidence: Multiple templates (e.g.,
templates/advanced-motion-light.json) and reference documents (e.g.,references/function-nodes.md) contain JavaScript logic for processing automation events. \n- [COMMAND_EXECUTION]: TheINSTALLATION.mdfile contains documentation for manual installation commands involvingsudoand package managers. \n - Evidence: Commands such as
sudo apt-get install -y nodejsandsudo npm install -g --unsafe-perm node-redare provided as instructional content for the user's manual setup, not for automated execution by the agent.
Audit Metadata