Skills
skills/terrylica/cc-skills/send-notification/Gen Agent Trust Hub

send-notification

Warn

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to run TypeScript files (bun pushover_core.ts) and helper scripts (_lib/resolve_pushover_secret.sh) to perform its primary function.
  • [DATA_EXFILTRATION]: Instructions explicitly use env -u HTTPS_PROXY -u HTTP_PROXY to bypass the execution environment's proxy settings. This technique is used to ensure direct communication with the Pushover API but can be used to evade network-level security controls or monitoring.
  • [CREDENTIALS_UNSAFE]: The skill relies on an external script (resolve_pushover_secret.sh) to retrieve API tokens from 1Password or the macOS Keychain. While this avoids hardcoding secrets, it requires the agent to have access to these credential management systems.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 26, 2026, 12:25 AM
Security Audit — agent-trust-hub — send-notification