sharing-text
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
push()function inreferences/push-implementation.mduses thesourcecommand to read the credential file at$HOME/.config/pushover/claude-code. This executes the file's content as shell code, posing a risk of arbitrary command execution if the file is compromised. - [DATA_EXFILTRATION]: The skill accesses a sensitive local file path at
$HOME/.config/pushover/claude-codeto retrieve Pushover API credentials. It also performs network communication withapi.pushover.netto send data that may contain sensitive terminal output or buffer contents. - [PROMPT_INJECTION]: The skill processes untrusted data from shell arguments, stdin, and tmux buffers, presenting an attack surface for indirect prompt injection. (1) Ingestion points:
references/push-implementation.md(reads from command arguments, stdin, and tmux buffers viatmux save-buffer). (2) Boundary markers: None identified in the prompt interpolation. (3) Capability inventory:references/push-implementation.md(network access viacurl). (4) Sanitization: Uses--data-urlencodefor HTTP parameters, but does not sanitize the transmitted message content itself.
Audit Metadata