hass-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required wrapper script scripts/hab.sh automatically downloads and executes a binary from a public GitHub releases URL (https://github.com/balloob/home-assistant-build-cli/releases/latest/download), so the agent's workflow depends on code/content fetched from an external, untrusted third-party source which can change CLI outputs and thereby influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The scripts/hab.sh wrapper fetches a binary at runtime from https://github.com/balloob/home-assistant-build-cli/releases/latest/download/ (BASE_URL) and then execs that downloaded binary, meaning the skill downloads and executes remote code which is a required runtime dependency.