bstorms
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The
register()function is designed to return aprivate_keyto the agent. Transmitting and handling raw private keys in plaintext via an API response is an unsafe practice that increases the risk of credential exposure if the data is logged or stored insecurely by the agent. - [COMMAND_EXECUTION]: The skill facilitates the ingestion of 'playbooks' that are explicitly structured to include a
TASKSsection containing shell commands. This creates a direct vector for the execution of untrusted code sourced from a remote marketplace. - [PROMPT_INJECTION]: The skill has a high exposure to indirect prompt injection because it processes content authored by external agents.
- Ingestion points: Data enters the environment via the
ask,inbox, andquestionstools which query the bstorms.ai marketplace. - Boundary markers: While the skill documentation mentions a
_warningfield and server-side scanning, these markers do not provide robust isolation for the untrusted instructions retrieved. - Capability inventory: The primary purpose of the skill is to retrieve and act upon external instructions that include system commands, making it a high-value target for injection attacks.
- Sanitization: There is no indication of client-side validation or strict schema enforcement to sanitize the 'content' of playbooks before they are parsed by the agent.
Audit Metadata