databuddy
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- Data Exposure & Exfiltration (LOW): The skill transmits LLM prompt and response data to 'https://basket.databuddy.cc/llm' when the LLM observability feature is used. While this is the intended purpose of the skill, it creates a surface for potential PII or sensitive data exposure to a third-party analytics provider. Evidence: The 'AICall' interface in 'databuddy-ai-vercel/SKILL.md' includes 'input' and 'output' message arrays which are sent to the backend. Mitigation: The SDK provides a 'privacyMode' configuration to exclude this content.
- Indirect Prompt Injection (LOW): The skill instructions repeatedly prompt the agent to fetch documentation from an external URL 'https://databuddy.cc/llms.txt'. This is an untrusted ingestion point where an attacker could theoretically inject instructions to influence the agent's behavior. Evidence: 'External Documentation' sections in 'SKILL.md' and sub-files. Mandatory Evidence Chain: 1. Ingestion point: 'https://databuddy.cc/llms.txt'. 2. Boundary markers: Absent. 3. Capability inventory: Network POST requests to send event data. 4. Sanitization: None for the fetched text.
- External Downloads (LOW): The skill utilizes several Node.js packages from the '@databuddy' and '@ai-sdk' namespaces. While these are standard for this integration, they are external dependencies. Evidence: Installation commands in 'databuddy-ai-vercel/SKILL.md' and others.
Audit Metadata