Skills
skills/aibtcdev/skills/inbox/Gen Agent Trust Hub

inbox

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the ingestion of external data. \n
  • Ingestion points: The read and status subcommands in inbox.ts fetch message content from the external API endpoint https://aibtc.com/api/inbox. \n
  • Boundary markers: No delimiters or instructions are provided in SKILL.md or AGENT.md to prevent the agent from executing commands embedded in the received message content. \n
  • Capability inventory: The agent can perform high-impact financial operations, such as sending sBTC via the send command in inbox.ts, which could be abused if the agent is manipulated by malicious message content. \n
  • Sanitization: There is no evidence of sanitization or filtering of external message content before it is parsed and acted upon by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 02:42 AM