BlueBubbles
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill outlines a webhook handler that ingests data from external BlueBubbles servers, creating a potential surface for indirect injection.
- Ingestion points: extensions/bluebubbles/src/monitor.ts processes inbound JSON payloads.
- Boundary markers: None specified for the message content; however, the documentation advises defensive normalization of metadata.
- Capability inventory: The plugin includes capabilities to send messages, reactions, and download attachments via defined internal helpers.
- Sanitization: The instructions recommend defensive normalization of sender and chat IDs, while message content is routed to the core reply pipeline for further processing.
- [DATA_EXPOSURE]: The skill defines configuration keys for serverUrl and password. These are documented as part of the required configuration schema for the plugin and do not contain hardcoded credentials.
Audit Metadata