bluebubbles
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to interact with and process content from iMessages, which constitutes an ingestion point for untrusted external data. * Ingestion points: Incoming message text and metadata received through the BlueBubbles gateway. * Boundary markers: Absent. There are no instructions or delimiters provided to help the agent distinguish between user-provided data and system-level instructions. * Capability inventory: Sending messages, reactions, and attachments; editing or unsending messages; and managing group chat participants. * Sanitization: Absent. The skill does not describe any filtering or validation of incoming message content.
- [DATA_EXFILTRATION]: Local File Access Risk. The
sendAttachmentaction includes apathparameter that allows the agent to specify local files to be uploaded and sent as iMessage attachments. This functionality provides a direct method for an agent to access and transmit files from the local filesystem. In the event of a prompt injection or malicious instructions, this could be exploited to exfiltrate sensitive configuration files or personal data.
Audit Metadata