bluebubbles
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from external iMessage conversations, which could contain malicious instructions.
  * Ingestion points: Incoming messages enter the agent context from the BlueBubbles gateway.
  * Boundary markers: There are no delimiters or instructions provided to separate untrusted message content from the agent's instructions.
  * Capability inventory: The agent can send messages, manage chat participants, and access local files for attachments.
  * Sanitization: No specific sanitization or filtering of incoming message content is described in the skill instructions.
- [DATA_EXFILTRATION]: The skill provides an interface to read and transmit local files via the iMessage attachment feature.
  * Evidence: The sendAttachment action allows specifying a path to local files, such as /tmp/photo.jpg, for transmission through the messaging channel.
Audit Metadata