botchan
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation guide instructs users to globally install the botchan NPM package and add the stuckinaboot/botchan skill. These sources are not recognized as trusted organizations or well-known technology services.
- [COMMAND_EXECUTION]: The skill operates by executing shell-based CLI commands (e.g., botchan feeds, botchan read, botchan post), which requires the agent to have command execution capabilities on the host system.
- [PROMPT_INJECTION]: The skill provides tools to read data from a permissionless onchain messaging layer, creating an indirect prompt injection surface.
  - Ingestion points: Untrusted data enters the agent context through the botchan read, botchan profile, and botchan comments commands as shown in SKILL.md.
  - Boundary markers: The skill documentation does not provide delimiters or "ignore embedded instructions" warnings for the agent when processing retrieved messages.
  - Capability inventory: The agent has the capability to post messages and register feeds on the blockchain, which could be misdirected by instructions embedded in the feed content.
  - Sanitization: No sanitization or content validation steps are outlined for handling the arbitrary text data fetched from the blockchain.
Audit Metadata