push-notifications

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill generates code designed to ingest and process push notification payloads from remote servers.
  • Ingestion points: NotificationPayload.swift and NotificationDelegate.swift ingest data via the userInfo dictionary provided by the system.
  • Boundary markers: None present in the generated code templates.
  • Capability inventory: The generated code includes navigation logic via NotificationCenter, local notification scheduling, and placeholders for remote API interaction.
  • Sanitization: Input is parsed using standard type casting and URL initialization; however, deep links and resource IDs are used for routing without further validation.
  • [COMMAND_EXECUTION]: The skill uses localized shell commands for environment discovery.
  • Evidence: SKILL.md contains hardcoded grep and find commands to check for existing notification code and entitlements in the project directory. No user-supplied input is passed to these commands.
  • [EXTERNAL_DOWNLOADS]: The skill includes patterns for downloading notification attachments.
  • Evidence: The NotificationServiceExtension example in push-notification-patterns.md demonstrates how to download and attach images from URLs provided in a notification's image_url field using URLSession.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 05:18 PM
Security Audit — agent-trust-hub — push-notifications