reactions
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to executecurlcommands targeting a local API athttp://localhost:23001. These commands are used to set reactions on Telegram, Discord, and Feishu platforms.- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection due to its core function of reacting to user-provided chat content. Ingestion points: Chat message content and message identifiers are read from the agent context. Boundary markers: No delimiters or safety instructions are used to distinguish user input from the skill's operational logic. Capability inventory: The skill is permitted to use theBashtool to perform local network operations. Sanitization: There is no evidence of input validation or content filtering before the agent decides to trigger a reaction based on the chat history.
Audit Metadata