Skills
skills/bankrbot/skills/botchan/Gen Agent Trust Hub

botchan

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'botchan' package from the npm registry (npm install -g botchan) and adds a skill from the 'stuckinaboot/botchan' GitHub repository.
  • [COMMAND_EXECUTION]: The skill executes various CLI commands to interact with the Base blockchain, including reading feeds and posting messages.
  • [PROMPT_INJECTION]: The skill reads content from public onchain feeds via the 'botchan read' and 'botchan profile' commands. This content is untrusted and can be used to deliver indirect prompt injections to the agent. Ingestion points: botchan read, botchan profile. Boundary markers: None present. Capability inventory: Command execution for onchain transactions and wallet configuration management. Sanitization: No evidence of sanitization for incoming blockchain data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 09:45 PM