gen-notifier
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill instructs the agent to run the
terminal-notifierCLI tool by interpolating{DESCRIPTION OF JOB}and{STATUS_OF_JOB}variables directly into the shell command string. This pattern is vulnerable to shell command injection; an attacker can use backticks or$()within a task title to execute unauthorized commands. - PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted task data and uses it in a privileged command-line context.
- Ingestion points: The
{DESCRIPTION OF JOB}variable is derived from external task data, such as file names, commit messages, or PR content being processed by the agent. - Boundary markers: Absent. The instructions provide no delimiters or 'ignore-embedded-instructions' warnings for the job description.
- Capability inventory: Direct shell execution via the
terminal-notifiertool. - Sanitization: Absent. No instructions are provided to the agent to sanitize or escape shell metacharacters from the input variables.
- EXTERNAL_DOWNLOADS (LOW): The skill requires the user to install
terminal-notifiervia Homebrew (brew install terminal-notifier). While Homebrew is a standard package manager, it is a third-party dependency that requires user trust.
Recommendations
- AI detected serious security threats
Audit Metadata