maui-local-notifications
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The notification service accepts arbitrary string inputs for titles and messages, which creates a surface for indirect prompt injection. If an agent populates these fields using untrusted data (e.g., from a website or email), malicious instructions within that data could attempt to influence the agent's behavior.\n
- Ingestion points:
SendNotificationandReceiveNotificationmethods inSKILL.md(shared and platform-specific implementations).\n - Boundary markers: None present in the code templates to distinguish between data and instructions.\n
- Capability inventory: The skill is restricted to UI-based notification display and does not include sensitive capabilities such as file system access or network requests.\n
- Sanitization: No input validation, escaping, or filtering is provided in the template code.
Audit Metadata