dev-gha-ifttt-notify
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The workflow template transmits GitHub Actions status and commit metadata to the well-known IFTTT Webhook service to provide mobile notifications. This is the primary intended function of the skill.
- [PROMPT_INJECTION]: The skill defines a surface that processes untrusted metadata from GitHub's environment and git history for inclusion in the notification payload.
  - Ingestion points: Metadata such as commit messages and workflow run details are ingested in the `SKILL.md` script section.
  - Boundary markers: Explicit boundary markers are not used in the shell script interpolation.
  - Capability inventory: The script is capable of performing network POST requests using `curl` to the IFTTT endpoint.
  - Sanitization: The template prevents injection by using `jq --arg` to safely convert shell variables into JSON string literals, ensuring untrusted input cannot alter the structure of the outgoing payload.