homeassistant-dashboard-designer

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute local shell commands using pwsh and python (e.g., python scripts/validate_lovelace_view.py <changed-view.yaml>). These commands are used to validate Home Assistant dashboard configurations before they are finalized, which is a legitimate and necessary part of the skill's stated workflow.
  • [SAFE]: The provided Python validation script (scripts/validate_lovelace_view.py) uses a custom YAML loader inheriting from yaml.SafeLoader. This ensures that parsing user-provided or local configuration files does not lead to arbitrary code execution, effectively mitigating risks associated with unsafe deserialization. The script also safely handles custom Home Assistant YAML tags (like !include) by treating them as opaque strings.
  • [SAFE]: The skill's documentation explicitly advises against hardcoding sensitive information. It instructs users to store credentials, such as the Home Assistant Long-Lived Access Token, in environment variables rather than committing them to the repository or configuration files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 05:17 AM
Security Audit — agent-trust-hub — homeassistant-dashboard-designer