builderbot-code-skill

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted user input from chatbot platforms, creating an indirect prompt injection surface.
    • Ingestion points: The ctx.body property is accessed in SKILL.md and patterns.md to process incoming messages.
    • Boundary markers: No specific delimiters or "ignore" instructions are used to wrap user input in the provided code patterns.
    • Capability inventory: The bot can perform network requests (fetch in patterns.md), file operations (provider.saveFile in patterns.md), and send outgoing messages (bot.sendMessage in patterns.md).
    • Sanitization: Basic validation logic (e.g., regex for emails) is demonstrated in patterns.md, but there is no universal sanitization of the ctx.body input.
  • [COMMAND_EXECUTION]: The documentation includes deployment instructions that recommend granting high-privilege capabilities to the bot container.
    • Evidence: providers.md contains a Docker command using the --cap-add SYS_ADMIN flag.
    • Context: This privilege is noted as necessary for the Baileys provider which relies on Chromium-based automation.
  • [DATA_EXFILTRATION]: The skill provides patterns for the bot to transmit data to external servers via network operations.
    • Evidence: patterns.md demonstrates using the fetch API to send user data (such as phone numbers) to an external API endpoint (https://my.app/api/check).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 25, 2026, 03:19 PM