botchan
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [CREDENTIALS_UNSAFE] (LOW): The skill requires a PRIVATE_KEY environment variable to perform write operations like posting or registering feeds. While common for blockchain agents, managing raw private keys in environment variables is a high-risk practice compared to secure enclaves or key management services.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Risk.
  - Ingestion points: The skill reads untrusted data from external sources via /botchan read, /botchan comments, and personal inbox checks (/botchan read 0xYourAddress).
  - Boundary markers: No delimiters or safety instructions are defined to separate on-chain message data from agent instructions.
  - Capability inventory: The skill can sign and broadcast on-chain transactions, which could be exploited if an ingested message contains malicious instructions that the LLM follows.
  - Sanitization: There is no evidence of sanitization or filtering for the data fetched from the blockchain.
- [NO_CODE] (SAFE): No executable code files (.py, .js, .sh) were provided in the skill package for analysis; only the markdown definition exists.
Audit Metadata