configure-notifications
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses bash scripts to perform file operations, manage the ~/.claude/.omc-config.json configuration file, and execute curl commands for testing connectivity.
- [CREDENTIALS_UNSAFE]: The skill prompts users for sensitive information, including Telegram bot tokens and Discord/Slack webhook URLs, which are stored in a local configuration file to facilitate ongoing notification services.
- [EXTERNAL_DOWNLOADS]: Outbound network requests are made to official and well-known service domains (api.telegram.org, discord.com, and hooks.slack.com) for the purpose of sending test notifications.
- [PROMPT_INJECTION]: There is an inherent risk of indirect prompt injection given that user-provided configuration values are processed and used in shell commands. 1. Ingestion points: Data enters the context through AskUserQuestion prompts for bot tokens and chat identifiers. 2. Boundary markers: The skill includes specific validation guidelines for the agent to verify the format of tokens and URLs before use. 3. Capability inventory: The skill utilizes bash for command execution, including file manipulation and network interaction via curl and jq. 4. Sanitization: While jq --arg is used for robust JSON construction, user variables are interpolated directly into shell strings for curl operations.
Audit Metadata