pushinator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill provides
curlcommands to interact with the Pushinator API (api.pushinator.com). This is consistent with the skill's stated purpose of sending push notifications. - [REMOTE_CODE_EXECUTION] (LOW): The documentation suggests using
bash -cas a workaround for environment variable persistence issues in certain agent environments. While invoking shells requires caution, the usage described is for passing local environment variables to standard commands rather than executing untrusted remote code. - [DATA_EXFILTRATION] (SAFE): The skill only transmits user-defined notification content to the designated service. No patterns of sensitive file access (e.g., SSH keys, AWS credentials) or unauthorized data transmission were detected.
Audit Metadata