follow-builders
Fail
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs platform detection and uses a shell command to parse JSON from the Telegram Bot API by piping curl output to a python3 snippet during onboarding.
- [EXTERNAL_DOWNLOADS]: At runtime, the skill fetches curated JSON data feeds and markdown prompt instructions from the author's GitHub repository.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection, as it processes untrusted external content (X posts and YouTube transcripts).
  1. Ingestion points: prepare-digest.js fetches external feeds from GitHub.
  2. Boundary markers: Absent; prompt templates do not use explicit delimiters to isolate external content.
  3. Capability inventory: The skill has network access via deliver.js and shell access for cron setup.
  4. Sanitization: Absent; content is interpolated directly into prompts.
- [DATA_EXFILTRATION]: The skill requests and stores user-provided Telegram and Resend API keys in a local .env file (~/.follow-builders/.env) to facilitate automated message delivery.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.telegram.org/bot - DO NOT USE without thorough review
Audit Metadata