astrbot-plugin-dev
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The documentation and code samples for AstrBot plugin development do not contain any malicious patterns, hardcoded credentials, or unauthorized remote code execution. External resources referenced belong to the official AstrBot project infrastructure.- [DATA_EXFILTRATION]: The skill documentation describes how to handle session identifiers (unified_msg_origin) and platform-specific metadata. There is no evidence of unauthorized access to sensitive system files or exfiltration of user data to untrusted external domains.- [PROMPT_INJECTION]: The skill provides instructions for creating plugins that process user messages and interact with LLMs, which is a common surface for indirect prompt injection.\n
- Ingestion points: Untrusted user input is ingested via the
event.message_strproperty in plugin handlers as shown inSKILL.mdandreferences/core-api.md.\n - Boundary markers: The provided code examples do not demonstrate the use of delimiters or specific system instructions to isolate user-provided data from command logic.\n
- Capability inventory: Plugins have the capability to perform network requests via
httpx, store data locally, and execute direct LLM calls using thellm_generateAPI.\n - Sanitization: The instructional samples do not include sanitization or validation logic for the content of incoming message events before they are passed to LLM providers or tools.
Audit Metadata