bluebubbles
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill describes an architecture for ingesting and processing untrusted messaging data from an external service.
- Ingestion points: extensions/bluebubbles/src/monitor.ts acts as a webhook handler receiving external JSON payloads via an HTTP server.
- Boundary markers: The instructions lack requirements for using delimiters or explicit 'ignore embedded instructions' warnings for the content of messages passed into the core reply pipeline.
- Capability inventory: The skill's implementation includes network messaging capabilities (sendMessageBlueBubbles, buildBlueBubblesApiUrl), chat interaction tools, and file handling (downloadBlueBubblesAttachment).
- Sanitization: While the skill mentions defensive normalization of sender and chat IDs, it does not include instructions to sanitize or escape message bodies before they influence agent behavior.
Audit Metadata