pushover
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill ingests external data for notification fields, which creates a vulnerability surface for indirect prompt injection. 1. Ingestion points: Notification parameters 'message', 'title', and 'url' in SKILL.md. 2. Boundary markers: No delimiters or isolation markers are defined for the processed data. 3. Capability inventory: Sends data to an external service (Pushover) through a dedicated tool interface. 4. Sanitization: No sanitization or validation of the input strings is specified in the skill definition.
- [NO_CODE]: The skill is purely documentation and metadata for an existing tool interface; it does not include any executable scripts or binaries, which reduces the potential for direct code-based attacks.
Audit Metadata