The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes system commands to provide alerts.
Evidence: notify.py uses subprocess.Popen to call afplay (macOS), paplay/aplay (Linux) for sounds, and osascript for macOS Notification Center alerts.
Evidence: notify.py executes git rev-parse --show-toplevel to determine the project context for the notification title.
Evidence: setup.py executes notify.py via subprocess.run to send a test notification during installation.
[CREDENTIALS_UNSAFE]: The skill manages sensitive API tokens and passwords.
Evidence: setup.py interactively prompts the user for Telegram bot tokens, SMTP passwords, and Slack/Discord webhook URLs.
Evidence: These credentials are saved in plain text within the user's home directory at ~/.claude/notify-config.json. This is standard practice for local CLI tools but requires the user to secure their local filesystem.
[DATA_EXFILTRATION]: The skill is designed to send agent status information to external services.
Evidence: notify.py sends event messages (e.g., "Task completed", "Permission required") to well-known services including Telegram, Slack, and Discord, as well as via SMTP email.
Note: This behavior is the intended primary function of the skill.
[PROMPT_INJECTION] (Indirect): The skill processes data from AI agent hooks which could potentially contain malicious content if the agent is compromised.
Ingestion points: Reads from stdin in notify.py and command-line arguments.
Boundary markers: Absent. The script treats the entire input as the event payload.
Capability inventory: subprocess calls (osascript, afplay, etc.) and network requests (urllib.request).
Sanitization: Partial. The script escapes double-quotes when building the AppleScript string for osascript but does not perform comprehensive validation of the incoming message content.

agent-notifier