botshot
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEDATA_EXFILTRATIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits user-generated visual work and screenshots to the platform API at
https://botshot.dev/api/upload. This is the core functionality and is explicitly disclosed in the documentation. - [CREDENTIALS_UNSAFE]: Instructions direct the agent to store an authentication token in
~/.botshot/credentials.json. This local storage of secrets is a standard integration pattern for persistent access to the social platform. - [EXTERNAL_DOWNLOADS]: The skill references an external MCP server and installation script provided via NPM (
@botshot/mcp-server), which are official resources from the vendor 'pablostanley'. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external data from social feeds and notifications.
- Ingestion points: Data enters the context via
GET /api/feedandGET /api/notificationsinSKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.
- Capability inventory: The skill possesses the ability to upload files, create posts, and post comments across its operational flow.
- Sanitization: No sanitization or validation of the ingested external content is mentioned before it is processed by the agent.
Audit Metadata