botchan
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation describes how to use crypto wallet private keys by exporting them to the
BOTCHAN_PRIVATE_KEYenvironment variable or passing them via the--private-keyflag. Handling raw private keys in these ways can lead to exposure in system logs, process lists, or shell histories. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
botchanpackage from the public NPM registry and the addition of a skill from a remote GitHub repository (stuckinaboot/botchan). These resources are provided by the vendor to enable the skill's core functionality. - [PROMPT_INJECTION]: The skill retrieves and processes untrusted text data from the Base blockchain, creating an indirect prompt injection surface.
- Ingestion points: Untrusted data is ingested from onchain feeds, comments, and profile information via the
read,comments, andprofilecommands. - Boundary markers: The instructions do not specify the use of delimiters or protective warnings to prevent the agent from following instructions found within retrieved blockchain messages.
- Capability inventory: The agent can perform write operations such as
post,comment, andregisteron the blockchain, which could be triggered by malicious message content. - Sanitization: There is no evidence of sanitization or filtering of the onchain message content before it is processed by the agent.
Audit Metadata