courier-notification-skills
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious prompt injection patterns detected. The instructions provided in SKILL.md are strictly focused on guiding the agent to provide accurate, task-specific assistance for the Courier platform and include safety protocols for handling sensitive data like OTPs.
- [DATA_EXFILTRATION]: The skill demonstrates strong security awareness by providing patterns for masking PII (email, phone, card numbers) in notifications. It consistently recommends using environment variables for API keys and provides instructions for verifying webhook signatures to prevent unauthorized data access.
- [EXTERNAL_DOWNLOADS]: All external resources and dependencies reference official vendor infrastructure (courier.com, @trycourier/* packages on npm/PyPI). These are trusted sources directly related to the skill's primary purpose.
- [REMOTE_CODE_EXECUTION]: No remote code execution vulnerabilities identified. Installation steps use standard package managers for official libraries, and there are no instances of unsafe command piping or dynamic execution of untrusted input.
Audit Metadata