API Catalog
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious instructions or bypass attempts were found. The skill includes a standard activation instruction directing the agent to use the provided references when users mention specific services.
- [DATA_EXFILTRATION]: The skill emphasizes the 'Iron Law' of not hardcoding credentials, directing users to use Home Assistant's
!secrettag or Node-RED environment variables. All network communication templates target legitimate, well-known API endpoints for functional purposes (e.g., fetching weather or transport data). - [COMMAND_EXECUTION]: No dangerous shell commands or privilege escalation attempts were detected. The skill focuses on standard HTTP/REST/GraphQL interactions within the Home Assistant and Node-RED ecosystems.
- [EXTERNAL_DOWNLOADS]: The skill mentions and provides links to official developer documentation and well-known, trusted GitHub repositories for community integrations. No suspicious external scripts or binaries are downloaded.
- [SAFE]: The code snippets provided are standard templates for home automation tasks. The skill's behavior aligns with its stated purpose of being an API reference guide.
Audit Metadata