blink-notifications
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides tools and examples for sending emails and SMS messages using platform-provided capabilities. The behavior aligns with the stated purpose of the skill.
- [DATA_EXFILTRATION]: The skill inherently possesses the capability to send data to external email addresses and phone numbers. This is the intended primary function of the skill for notifications.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a surface for processing untrusted data (email bodies, SMS content). * Ingestion points: Email recipients, subjects, HTML/text bodies, and SMS message bodies in SKILL.md. * Boundary markers: None identified in the tool definitions or examples. * Capability inventory: Sending emails (
blink_notify_email) and SMS (blink_sms_send) to arbitrary external destinations. * Sanitization: No explicit sanitization or validation of the input content is described in the provided instructions.
Audit Metadata