linux-notification
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
SKILL.mdfile contains installation instructions usingsudowith package managers likeapt,dnf, andpacman. This suggests the execution of commands with elevated administrative privileges to install system-level dependencies.\n- [PROMPT_INJECTION]: The skill handles notification messages, which creates a surface for indirect prompt injection if the agent processes untrusted data.\n - Ingestion points: Notification titles and messages specified in the
SKILL.mdusage examples.\n - Boundary markers: The skill does not implement delimiters or provide instructions for the agent to ignore embedded commands within the notification text.\n
- Capability inventory: The skill utilizes the
notify-sendsystem utility via subprocess execution.\n - Sanitization: There is no evidence of sanitization, filtering, or shell-escaping for the strings passed to the
notify-sendcommand.
Audit Metadata