notify
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to build a command string for
fish -cthat includes external content in the<MESSAGE>placeholder. This pattern is vulnerable to command injection if the content contains shell-sensitive characters like backticks or semicolons. - [EXTERNAL_DOWNLOADS]: The skill uses
curlto transmit data to the well-known notification servicentfy.sh(SKILL.md). - [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing data from external sources and using it in sensitive operations.
- Ingestion points: Task outputs, system error messages, and event descriptions (SKILL.md).
- Boundary markers: None; the content is directly interpolated into the execution string.
- Capability inventory: Execution of shell commands via
fish -c(SKILL.md). - Sanitization: None; there are no instructions to sanitize or escape the message before it is passed to the shell.
Audit Metadata