bsocial
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface.
- Ingestion points: Data is fetched from the blockchain via the BMAP API in scripts including
read-posts.ts,read-messages.ts,read-follows.ts,read-friends.ts, andread-likes.ts. - Boundary markers: The scripts do not use delimiters or warning markers when displaying retrieved content such as post content or message bodies to the agent.
- Capability inventory: The skill has the ability to broadcast transactions to the network and execute shell commands via the Bun runtime.
- Sanitization: No validation or sanitization is performed on the content retrieved from the BMAP API before it is presented to the agent, allowing for potential injection of instructions via on-chain data.
- [COMMAND_EXECUTION]: Handling of sensitive private keys.
- The skill documentation and creation scripts (e.g.,
create-post.ts,create-like.ts,create-follow.ts) require a Wallet Import Format (WIF) private key as a command-line argument. - While this is the intended mechanism for signing on-chain transactions, providing private keys to an automated agent environment involves risk if the session or environment is compromised.
Audit Metadata