push-notifications
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill correctly manages sensitive credentials by instructing users to use environment variables for VAPID keys rather than hardcoding secrets into the source code.- [SAFE]: All external service references, such as those to OneSignal and PushOwl, are to well-known and trusted providers in the push notification space.- [SAFE]: The provided JavaScript and TypeScript snippets for service workers and server-side logic follow standard, secure implementation patterns for the Web Push API.- [SAFE]: The skill includes best-practice advice for improving user experience and consent by gating browser permission prompts behind user interactions.- [SAFE]: No evidence of prompt injection, data exfiltration, or malicious persistence mechanisms was found in the provided files.
Audit Metadata