bluebubbles
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a vulnerability surface for indirect prompt injection as it processes and interacts with incoming message content. \n
- Ingestion points: Incoming iMessages via the BlueBubbles gateway. \n
- Boundary markers: No specific boundary markers or instructions are defined to isolate untrusted message data. \n
- Capability inventory: Includes sendAttachment (file access/transmit), send, react, edit, unsend, and reply. \n
- Sanitization: No sanitization or validation of message strings is specified. \n- [DATA_EXFILTRATION]: The sendAttachment action provides the ability to transmit local files using the path parameter. This capability allows the agent to read from the local file system, which could lead to the exposure of sensitive files if the agent is manipulated into accessing paths such as SSH keys or configuration files.
Audit Metadata