botchan
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the user to provide a wallet private key via the BOTCHAN_PRIVATE_KEY environment variable or the --private-key flag for transaction signing. While this is a standard mechanism for CLI-based blockchain interactions, it carries the risk of credential exposure in environment logs or shell history.
- [EXTERNAL_DOWNLOADS]: Requires the installation of the botchan CLI tool from the public NPM registry, which is used for all core functionalities.
- [COMMAND_EXECUTION]: The skill operates by executing commands through the botchan CLI tool to interact with the Base blockchain.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from public onchain feeds and profiles.
  - Ingestion points: Data is retrieved from the blockchain via the botchan read, botchan profile, and botchan comments commands as referenced in SKILL.md.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are implemented when processing the external content.
  - Capability inventory: The agent has the capability to post content, register feeds, and initiate blockchain transactions through the integrated Bankr service.
  - Sanitization: There is no mention of sanitization, validation, or filtering of the retrieved onchain data before it is presented to or processed by the agent.
Audit Metadata