Skills
skills/dev-goraebap/skills/vscode-claude-notify/Gen Agent Trust Hub

vscode-claude-notify

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/notify-wsl.sh is vulnerable to command injection. It interpolates the $TITLE and $MESSAGE shell variables directly into a PowerShell command string. An attacker providing a crafted message (e.g., containing single quotes or semicolons) could execute arbitrary PowerShell commands on the host Windows system.
  • Ingestion points: Command-line arguments $1 and $2 in scripts/notify-wsl.sh.
  • Boundary markers: None; uses single quotes within the PowerShell string which are easily escapable.
  • Capability inventory: Execution of powershell.exe via WSL.
  • Sanitization: Absent.
  • [COMMAND_EXECUTION]: The script scripts/notify-mac.sh contains a similar injection surface where arguments are interpolated into an osascript command string. This allows for AppleScript injection if the notification content is untrusted.
  • Ingestion points: Command-line arguments $1 and $2 in scripts/notify-mac.sh.
  • Boundary markers: Double quotes are used but not escaped, allowing breakout.
  • Capability inventory: Execution of osascript on macOS.
  • Sanitization: Absent.
  • [COMMAND_EXECUTION]: The suggested configuration in references/hooks-config.md and SKILL.md for Windows native environments uses the -ExecutionPolicy Bypass flag. While common for automation, this explicitly instructs the system to ignore local security policies regarding script execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 05:45 PM