el-notification

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No evidence of prompt injection or instructions to bypass safety guidelines was found.
  • [DATA_EXFILTRATION]: No credential exposure, sensitive file access, or suspicious network operations were detected.
  • [REMOTE_CODE_EXECUTION]: The skill does not perform any remote code execution or download scripts from untrusted sources.
  • [INDIRECT_PROMPT_INJECTION]: The documentation mentions the dangerouslyUseHTMLString property, which can render raw HTML. While this is a potential XSS surface if used with unsanitized user input, the skill includes a 'Best Practices' section explicitly advising against its use for security reasons, recommending Vue VNodes instead. This is standard documentation for the Element Plus UI library.
  • [COMMAND_EXECUTION]: No shell command execution or privilege escalation patterns were identified.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 10:35 AM
Security Audit — agent-trust-hub — el-notification