bbc-skill-tool

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a comprehensive technical guide for using the builderbot_* toolset. It defines clear workflows for project creation, flow management, and bot deployment.
  • [PROMPT_INJECTION]: The skill architecture involves building AI assistants that process untrusted user input, establishing an indirect prompt injection surface. This is a design characteristic of the intended bot functionality.
      • Ingestion points: WhatsApp user messages are processed by AI assistants (add_chatpdf) as described in SKILL.md and references/verticals.md templates.
      • Boundary markers: The provided AI instruction templates lack explicit markers or instructions to isolate user input from system instructions.
      • Capability inventory: The created bots possess network capabilities, including making HTTP requests (add_http) and scraping URLs (scrapeUrl), as documented in references/advanced-patterns.md.
      • Sanitization: The templates do not include procedures for sanitizing or validating user input before it is used in subsequent automated actions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 02:37 PM