Skills
skills/niracler/skill/ha-integration-reviewer/Gen Agent Trust Hub

ha-integration-reviewer

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads quality scale rules and coding instructions from the official Home Assistant GitHub organization. This is a legitimate activity to keep the review criteria up-to-date with project standards.\n- [COMMAND_EXECUTION]: The skill uses git diff to identify changes and the GitHub CLI (gh api) to access reference code. It also suggests using npx to run the @upstash/context7-mcp tool for fetching documentation.\n- [PROMPT_INJECTION]: As a code review tool, it is exposed to indirect prompt injection. Untrusted code from pull requests could contain instructions designed to deceive the AI. The skill lacks specific sanitization or boundary markers for this ingested content.\n
  • Ingestion points: git diff output and user-provided integration files.\n
  • Boundary markers: None detected in the instructions to the agent.\n
  • Capability inventory: Uses curl, gh, and git for network and file operations.\n
  • Sanitization: No explicit sanitization of analyzed code content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 04:17 PM