Skills
skills/vm0-ai/vm0-skills/pushinator/Gen Agent Trust Hub

pushinator

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected in notification message handling.
  • Ingestion points: User-provided message strings or external data sources (like CI/CD logs or deployment statuses) are interpolated into the content field of the JSON payload in SKILL.md.
  • Boundary markers: The skill does not provide explicit delimiters or instructions to the agent to disregard potential commands embedded within the message content.
  • Capability inventory: The skill utilizes curl to transmit data to the external Pushinator API (api.pushinator.com).
  • Sanitization: No sanitization, validation, or escaping logic is implemented for the data processed into the notification body.
  • [DATA_EXFILTRATION]: The skill performs outbound network operations to a non-whitelisted external domain (api.pushinator.com). This is documented as the intended functional behavior for the notification service and does not involve the transmission of local sensitive files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 07:15 AM