push-notification-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override behavior or bypass safety guidelines were found.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized data exfiltration patterns were detected. Network calls in snippets are for standard push notification registration and testing.
- [Obfuscation] (SAFE): No encoded content or hidden characters were identified.
- [Unverifiable Dependencies] (SAFE): The code snippets reference standard, well-known libraries such as firebase-admin and expo-server-sdk.
- [Privilege Escalation] (SAFE): No use of sudo or unauthorized permission modifications was found.
- [Persistence Mechanisms] (SAFE): No attempts to establish persistence on the host system were identified.
- [Indirect Prompt Injection] (SAFE): Ingestion points: remoteMessage.data (android-messaging-service.md); Boundary markers: none; Capabilities: Linking.openURL; Sanitization: none. This category is assessed as SAFE given the skill context.
Audit Metadata