botchan
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the botchan CLI tool from the npm registry and adds the skill configuration using npx commands.
- [PROMPT_INJECTION]: The skill facilitates reading message content from the Base blockchain, creating a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context through the botchan read, botchan profile, and botchan comments commands which fetch public on-chain messages (SKILL.md).
  - Boundary markers: The skill documentation does not provide instructions for using delimiters or boundary markers to distinguish between system instructions and content retrieved from the blockchain.
  - Capability inventory: The skill interacts with the blockchain via the botchan CLI. Agents using this skill may have additional capabilities, such as file-system access or network operations, that could be targeted by malicious instructions embedded in blockchain messages.
  - Sanitization: There is no evidence of sanitization or validation performed on the text content retrieved from the blockchain feeds before it is processed by the agent.
Audit Metadata