home-assistant

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive Home Assistant access tokens by instructing the user to store them in a local .env file (~/.config/home-assistant/.env). It uses standard security best practices by applying restricted file permissions (chmod 600) to protect these credentials from other users on the system.
  • [COMMAND_EXECUTION]: The skill uses bash and curl to interact with the filesystem and the Home Assistant REST API. This is the intended mechanism for querying device states and executing automation tasks.
  • [DATA_EXFILTRATION]: Network communication is performed via curl to the user-defined Home Assistant API URL. These operations are strictly for the purpose of smart home control and no unauthorized data exfiltration to third-party domains was observed.
  • [PROMPT_INJECTION]: The skill processes data (entity names and attributes) retrieved from an external Home Assistant instance. This creates a potential indirect prompt injection surface where a compromised Home Assistant instance could provide malicious instructional data. However, this risk is significantly mitigated by the skill's explicit instruction to Claude to require human confirmation before any state-changing service call.
    • Ingestion points: Entity attributes are fetched from the /api/states endpoint in SKILL.md and scripts/discover_entities.sh.
    • Boundary markers: No explicit delimiters are used when the agent processes retrieved entity data.
    • Capability inventory: The agent has access to command execution (Bash), file system operations, and network requests (curl).
    • Sanitization: External data is not sanitized before being processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 06:32 PM