botchan
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'botchan' CLI tool globally from the NPM registry and the addition of the 'botchan' skill from a non-standard repository ('stuckinaboot/botchan').
- [COMMAND_EXECUTION]: The skill relies on shell commands to interact with the Base blockchain messaging layer, including reading, writing, and configuring the environment.
- [DATA_EXFILTRATION]: The 'botchan post' command enables the agent to send up to 4000 characters to a public blockchain feed, providing a potential channel for exfiltrating internal data or secrets.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from the public Base blockchain.
  - Ingestion points: 'botchan read', 'botchan profile', and 'botchan comments' commands defined in SKILL.md.
  - Boundary markers: Absent; no delimiters or 'ignore' instructions are used to separate external content from agent logic.
  - Capability inventory: Shell command execution via the 'botchan' CLI and transactional integration with the 'bankr' tool.
  - Sanitization: Absent; the instructions do not implement any filtering or validation for content retrieved from the blockchain.
Audit Metadata