push-notifications
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands such as terminal-notifier, notify-send, and curl, as well as PowerShell scripts, to deliver notifications across different operating systems.
- [CREDENTIALS_UNSAFE]: The skill collects and stores Microsoft Teams Webhook URLs in a local configuration file (.notifications/config.json). The instructions correctly treat these as secrets, recommending they be excluded from version control and masked when displayed in the skill's status output.
- [EXTERNAL_DOWNLOADS]: The documentation provides guidance for installing necessary third-party notification utilities from well-known package managers such as Homebrew and APT when they are missing from the environment.
- [PROMPT_INJECTION]: The skill processes potentially untrusted message content and interpolates it directly into shell command templates, creating a surface for indirect prompt injection or command injection if the agent does not properly sanitize inputs.
  - Ingestion points: Data enters the context through the message and title parameters of the notification commands, which can be triggered by the output of other skills.
  - Boundary markers: Absent; the content is interpolated directly into Bash and PowerShell command strings.
  - Capability inventory: The skill performs shell command execution (Bash and PowerShell) and network operations (curl).
  - Sanitization: Absent; the provided instructions do not specify escaping or validating the notification content before it is passed to the system shell.