bark-notify
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The skill sends task-related data including titles, statuses, and summaries to the Bark API at api.day.app. This constitutes a data transfer to a third-party service not on the trusted whitelist.
- Indirect Prompt Injection (LOW): The skill parses project metadata from an AGENTS.md file which may be attacker-controlled in certain environments.
  1. Ingestion points: The script reads AGENTS.md in scripts/send_bark_notification.py using Path.read_text to resolve the project name.
  2. Boundary markers: Absent; the script does not use delimiters or instructions to isolate the extracted project name from the rest of the notification body.
  3. Capability inventory: The script performs network POST requests via urllib.request and reads local project files.
  4. Sanitization: While the payload is URL-encoded for transmission, the content is not sanitized to prevent instructions from being misinterpreted by the agent or recipient in downstream tasks.