notifery
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands using
curl. Several examples utilize double-quoted JSON payloads. If the agent incorporates untrusted external data (such as build logs or error messages) into these payloads, it may be vulnerable to shell command injection if the data contains shell-active characters like$(),|, or backticks. - [DATA_EXFILTRATION]: The skill's core function is to transmit data to the Notifery API at
https://api.notifery.com. While this is intended behavior, it constitutes a network outbound operation where user-provided content (titles and messages) is sent to a third-party service.
Audit Metadata