el-notification
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No evidence of prompt injection or instructions to bypass safety guidelines was found.
- [DATA_EXFILTRATION]: No credential exposure, sensitive file access, or suspicious network operations were detected.
- [REMOTE_CODE_EXECUTION]: The skill does not perform any remote code execution or download scripts from untrusted sources.
- [INDIRECT_PROMPT_INJECTION]: The documentation mentions the
dangerouslyUseHTMLStringproperty, which can render raw HTML. While this is a potential XSS surface if used with unsanitized user input, the skill includes a 'Best Practices' section explicitly advising against its use for security reasons, recommending Vue VNodes instead. This is standard documentation for the Element Plus UI library. - [COMMAND_EXECUTION]: No shell command execution or privilege escalation patterns were identified.
Audit Metadata