vss-manage-alerts
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads standard Python packages (such as FastAPI and the Slack SDK) from the official Python Package Index (PyPI) to support the notification relay functionality.
- [COMMAND_EXECUTION]: The skill uses shell commands and API calls to interact with Docker containers and VSS microservices for operational tasks like checking service health and managing sensor configurations.
- [PROMPT_INJECTION]: The notification relay component processes incident data originating from external video analytics streams, representing a potential indirect prompt injection surface.
- Ingestion points: The
scripts/alert-notify/server.pyfile receives incident payloads via thePOST /webhook/alert-notifyendpoint. - Boundary markers: The skill does not use explicit boundary delimiters when formatting incident data into notifications.
- Capability inventory: The skill can post to Slack, update dashboards, and perform internal API calls to the Alert Bridge and VST services.
- Sanitization: Basic truncation is applied to markdown fields in the Slack notification backend.
Audit Metadata