bluebubbles
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE, NO_CODE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The analyzed content is composed of markdown documentation and JSON examples for tool definitions; no executable code files (e.g., Python or JavaScript) are included.
- [DATA_EXFILTRATION]: The 'sendAttachment' action includes a 'path' parameter that allows the agent to read and transmit local files. This provides a functional interface for file-system access.
- [PROMPT_INJECTION]: The skill processes untrusted external content from iMessage chats, creating a surface for indirect prompt injection. (1) Ingestion points: External messages received via the BlueBubbles integration; (2) Boundary markers: None; (3) Capability inventory: Local file access ('sendAttachment') and communication via the BlueBubbles gateway; (4) Sanitization: No sanitization or input validation logic is present in the skill definition.
- [SAFE]: No signs of obfuscation, hardcoded credentials, or malicious remote code execution were detected in the skill content.
Audit Metadata