react-native-notifications
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes an implementation surface for indirect prompt injection via notification payloads.
- Ingestion points: The
references/implementation.mdfile demonstrates receiving untrusted data from remote notification services throughmessaging().onNotificationOpenedAppandmessaging().getInitialNotification. - Boundary markers: The
SKILL.mdfile includes an anti-pattern warning against blindly trusting payload data, though the provided implementation examples do not show explicit validation logic. - Capability inventory: The skill demonstrates using external payload data to perform application navigation via
navigate(remoteMessage.data.screen). - Sanitization: The implementation examples check for the existence of the data field but do not demonstrate sanitization or whitelisting of the screen names before navigation.
Audit Metadata