desktop-notifications
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation instructions suggest fetching the
agentcli-helperspackage from an external registry using theuvtool. This package provides the underlyingnotifycommand used by the skill.- [COMMAND_EXECUTION]: The skill relies on executing shell commands and piping output between processes. It specifically leverages platform-specific notification tools likeosascripton macOS andnotify-sendon Linux.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates untrusted data from external sources into system notifications. - Ingestion points: The skill reads data from local files via
catand remote endpoints viacurl. - Boundary markers: There are no markers or system instructions to prevent the agent from being influenced by instructions hidden in the data being notified.
- Capability inventory: The skill possesses the ability to execute shell commands and display information to the user.
- Sanitization: No input validation or sanitization is performed on the data before it is piped to the notification command.
Audit Metadata