Trust Assessment
home-assistant received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 10 findings: 0 critical, 9 high, 1 medium, and 0 low severity. Key findings include sensitive environment variable access (`$HOME`) and command injection via unescaped user input in a JSON payload.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (10)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Command Injection via unescaped user input in JSON payload.** The `scripts/ha.sh` script constructs JSON payloads by directly interpolating user-controlled variables (`$entity`, `$brightness`, `$scene`, `$script`, `$auto`, `$temp`, `$data`) into double-quoted strings. This allows for shell command substitution (e.g., `$(command)`) within these variables to be executed by the shell before the `curl` command is invoked. An attacker can inject arbitrary shell commands that will be executed on the host system. Use `jq` to safely construct JSON payloads, passing user input as `--arg` or `--argjson` to prevent shell expansion. For example, instead of directly embedding `$entity` and `$brightness`, use `jq -n --arg entity "$entity" --argjson brightness "$brightness" '{"entity_id": $entity, "brightness": $brightness}'`. | LLM | scripts/ha.sh:35 |
| HIGH | **Command Injection via unescaped user input in JSON payload.** The `scripts/ha.sh` script constructs JSON payloads by directly interpolating user-controlled variables (`$entity`, `$brightness`, `$scene`, `$script`, `$auto`, `$temp`, `$data`) into double-quoted strings. This allows for shell command substitution (e.g., `$(command)`) within these variables to be executed by the shell before the `curl` command is invoked. An attacker can inject arbitrary shell commands that will be executed on the host system. Use `jq` to safely construct JSON payloads, passing user input as `--arg` or `--argjson` to prevent shell expansion. For example, instead of directly embedding `$entity`, use `jq -n --arg entity "$entity" '{"entity_id": $entity}'`. | LLM | scripts/ha.sh:38 |
| HIGH | **Command Injection via unescaped user input in JSON payload.** The `scripts/ha.sh` script constructs JSON payloads by directly interpolating user-controlled variables (`$entity`, `$brightness`, `$scene`, `$script`, `$auto`, `$temp`, `$data`) into double-quoted strings. This allows for shell command substitution (e.g., `$(command)`) within these variables to be executed by the shell before the `curl` command is invoked. An attacker can inject arbitrary shell commands that will be executed on the host system. Use `jq` to safely construct JSON payloads, passing user input as `--arg` or `--argjson` to prevent shell expansion. For example, instead of directly embedding `$entity`, use `jq -n --arg entity "$entity" '{"entity_id": $entity}'`. | LLM | scripts/ha.sh:45 |
| HIGH | **Command Injection via unescaped user input in JSON payload.** The `scripts/ha.sh` script constructs JSON payloads by directly interpolating user-controlled variables (`$entity`, `$brightness`, `$scene`, `$script`, `$auto`, `$temp`, `$data`) into double-quoted strings. This allows for shell command substitution (e.g., `$(command)`) within these variables to be executed by the shell before the `curl` command is invoked. An attacker can inject arbitrary shell commands that will be executed on the host system. Use `jq` to safely construct JSON payloads, passing user input as `--arg` or `--argjson` to prevent shell expansion. For example, instead of directly embedding `$entity`, use `jq -n --arg entity "$entity" '{"entity_id": $entity}'`. | LLM | scripts/ha.sh:52 |
| HIGH | **Command Injection via unescaped user input in JSON payload.** The `scripts/ha.sh` script constructs JSON payloads by directly interpolating user-controlled variables (`$entity`, `$brightness`, `$scene`, `$script`, `$auto`, `$temp`, `$data`) into double-quoted strings. This allows for shell command substitution (e.g., `$(command)`) within these variables to be executed by the shell before the `curl` command is invoked. An attacker can inject arbitrary shell commands that will be executed on the host system. Use `jq` to safely construct JSON payloads, passing user input as `--arg` or `--argjson` to prevent shell expansion. For example, instead of directly embedding `$scene`, use `jq -n --arg scene "$scene" '{"entity_id": $scene}'`. | LLM | scripts/ha.sh:59 |
| HIGH | **Command Injection via unescaped user input in JSON payload.** The `scripts/ha.sh` script constructs JSON payloads by directly interpolating user-controlled variables (`$entity`, `$brightness`, `$scene`, `$script`, `$auto`, `$temp`, `$data`) into double-quoted strings. This allows for shell command substitution (e.g., `$(command)`) within these variables to be executed by the shell before the `curl` command is invoked. An attacker can inject arbitrary shell commands that will be executed on the host system. Use `jq` to safely construct JSON payloads, passing user input as `--arg` or `--argjson` to prevent shell expansion. For example, instead of directly embedding `$script`, use `jq -n --arg script "$script" '{"entity_id": $script}'`. | LLM | scripts/ha.sh:66 |
| HIGH | **Command Injection via unescaped user input in JSON payload.** The `scripts/ha.sh` script constructs JSON payloads by directly interpolating user-controlled variables (`$entity`, `$brightness`, `$scene`, `$script`, `$auto`, `$temp`, `$data`) into double-quoted strings. This allows for shell command substitution (e.g., `$(command)`) within these variables to be executed by the shell before the `curl` command is invoked. An attacker can inject arbitrary shell commands that will be executed on the host system. Use `jq` to safely construct JSON payloads, passing user input as `--arg` or `--argjson` to prevent shell expansion. For example, instead of directly embedding `$auto`, use `jq -n --arg auto "$auto" '{"entity_id": $auto}'`. | LLM | scripts/ha.sh:73 |
| HIGH | **Command Injection via unescaped user input in JSON payload.** The `scripts/ha.sh` script constructs JSON payloads by directly interpolating user-controlled variables (`$entity`, `$brightness`, `$scene`, `$script`, `$auto`, `$temp`, `$data`) into double-quoted strings. This allows for shell command substitution (e.g., `$(command)`) within these variables to be executed by the shell before the `curl` command is invoked. An attacker can inject arbitrary shell commands that will be executed on the host system. Use `jq` to safely construct JSON payloads, passing user input as `--arg` or `--argjson` to prevent shell expansion. For example, instead of directly embedding `$entity` and `$temp`, use `jq -n --arg entity "$entity" --argjson temp "$temp" '{"entity_id": $entity, "temperature": $temp}'`. | LLM | scripts/ha.sh:80 |
| HIGH | **Command Injection via unescaped user input in JSON payload.** The `scripts/ha.sh` script directly interpolates the user-controlled `$data` variable into a double-quoted string passed as the `-d` argument to `curl`. This allows for shell command substitution (e.g., `$(command)`) within `$data` to be executed by the shell before `curl` is invoked. An attacker can inject arbitrary shell commands that will be executed on the host system. To prevent shell expansion, pass `$data` as a literal string to `jq` for parsing and re-serialization. For example, use `json_payload=$(jq -n --arg raw_data "$data" '$raw_data | fromjson')` and then pass `"$json_payload"` to `curl`. This ensures `$data` is treated as a string by the shell and parsed as JSON by `jq`. | LLM | scripts/ha.sh:110 |
| MEDIUM | **Sensitive environment variable access: `$HOME`.** Access to the sensitive environment variable `$HOME` was detected in a shell context. Verify that this environment variable access is necessary and that the value is not exfiltrated. | Static | skills/iahmadzain/home-assistant/scripts/ha.sh:7 |
Full report: https://skillshield.io/report/9fef8f462f1e7e0e
Powered by SkillShield