bluebubbles
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions define a process for ingesting external data via webhooks, creating a surface for indirect prompt injection.
  • Ingestion points: The webhook handler in extensions/bluebubbles/src/monitor.ts processes external JSON payloads from the BlueBubbles server.
  • Boundary markers: The instructions do not specify the use of delimiters or "ignore" instructions when interpolating inbound message content into prompts.
  • Capability inventory: The plugin includes capabilities to send messages (sendMessageBlueBubbles), send reactions, and perform network requests (blueBubblesFetchWithTimeout).
  • Sanitization: While the skill suggests defensive normalization for sender IDs, it lacks explicit guidance for sanitizing or escaping message content before it is processed by the core pipeline.
- [NO_CODE]: The skill package contains no executable scripts, binaries, or configuration files other than the SKILL.md file.
Audit Metadata