push-notification-setup
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides logic for processing push notifications, which are external, untrusted data sources. This establishes a surface for indirect prompt injection.
- Ingestion points: references/firebase-cloud-messaging-setup.md (onMessage), references/android-setup-with-kotlin.md (onMessageReceived), references/ios-native-setup-with-swift.md (didReceive), and references/flutter-implementation.md (onMessage).
- Boundary markers: None identified in the code snippets provided.
- Capability inventory: The code demonstrates performing application navigation (deep linking) and data synchronization based on the notification payload.
- Sanitization: No sanitization or validation of the deepLink or params data is present in the examples.
- [COMMAND_EXECUTION]: The skill includes a shell script, scripts/validate-api.sh, used for local API specification validation. Although it currently contains placeholders, it introduces a script execution capability into the environment.
Audit Metadata