Skills
skills/changgenglu/changgenglu-blog/line-notifier/Gen Agent Trust Hub

line-notifier

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by interpolating untrusted data (project names, task summaries, and status updates) directly into notification templates without sanitization or boundary markers.
  • Ingestion points: Data is ingested through variables such as {project_name}, {task_summary}, {status}, and {item_N} defined in the message templates within SKILL.md.
  • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands within the dynamic content.
  • Capability inventory: The skill has access to the push_text_message tool, which performs network operations to send data to external LINE users.
  • Sanitization: No sanitization, validation, or escaping logic is defined for the content before it is processed by the agent and sent via the MCP tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 10:49 AM