xiaomi
Warn
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `uvx` to download and run the `mijiaAPI` package from an external source. The core logic is powered by the `Do1e/mijia-api` repository, which is an unverified third-party community project rather than an official or verified vendor source.
- [COMMAND_EXECUTION]: The skill frequently executes shell commands (e.g., `uvx mijiaAPI set`, `uvx mijiaAPI get`) to manage device properties and query status. This capability is used across all primary features of the skill.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the direct interpolation of user-provided strings into shell command arguments without explicit sanitization or validation logic.
  - Ingestion points: User-provided device names, property names, scene IDs, and natural language prompts for the Xiao Ai speaker (SKILL.md).
  - Boundary markers: There are no boundary markers or instructions to the agent to ignore potentially malicious embedded content within the user-provided strings.
  - Capability inventory: The skill possesses the capability to execute shell commands and interact with local authentication configuration files (`~/.config/mijia-api/auth.json`).
  - Sanitization: No sanitization or escaping mechanisms are described to protect against malformed or malicious inputs being passed to the CLI tool.
Audit Metadata