bluebubbles
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a webhook handler that processes untrusted JSON data from BlueBubbles, creating a potential surface for indirect prompt injection.\n
- Ingestion points: Untrusted message data enters the system through webhooks processed in extensions/bluebubbles/src/monitor.ts.\n
- Boundary markers: The instructions do not define boundary markers or delimiters to isolate processed external content from the agent's internal logic.\n
- Capability inventory: The skill utilizes REST helpers and a runtime bridge to perform actions such as sending messages, reactions, and marking chats as read via extensions/bluebubbles/src/send.ts and extensions/bluebubbles/src/chat.ts.\n
- Sanitization: While the instructions recommend defensive normalization for sender and chat IDs, they do not specify sanitization or escaping protocols for the content of the inbound message payloads.
Audit Metadata