bluebubbles

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill provides a sendAttachment action that accepts a path parameter to read files from the local filesystem and send them externally via the BlueBubbles gateway. This capability can be abused to exfiltrate sensitive files (e.g., credentials, configuration files) if the agent is tricked into using an unauthorized path.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes external data (iMessage content) and possesses high-risk capabilities (file read and network transmission). An attacker could send a message that instructs the agent to execute the sendAttachment action on a sensitive local file.
    • Ingestion points: External message content processed via the message tool (SKILL.md).
    • Boundary markers: None identified; the instructions do not specify delimiters to separate untrusted message content from agent instructions.
    • Capability inventory: The sendAttachment action (SKILL.md) reads from the filesystem; the send and sendAttachment actions perform network operations through the BlueBubbles gateway.
    • Sanitization: None identified; there is no mention of path validation or content filtering before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 12:14 AM