send-notification
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads local application data and brand profiles from the
~/.claude-marketing/directory to customize message delivery. - Data from these files is used to influence the formatting and context of notifications sent to well-known messaging platforms (Slack and Intercom).
- [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface as it interpolates external data and user-provided messages into its execution flow.
- Ingestion points: The skill ingests 'Notification content', 'Related context' (derived from Campaign or Approval IDs), and 'Attachments' (provided via URLs).
- Boundary markers: The skill description does not specify the use of delimiters or 'ignore embedded instructions' markers when handling interpolated external content.
- Capability inventory: The agent possesses capabilities to read local filesystem data (
~/.claude-marketing/) and perform network operations through the Slack and Intercom MCP servers. - Sanitization: No explicit sanitization, validation, or escaping of ingested notification content or external context is described in the process steps.
Audit Metadata