telegram-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface because it reads and processes untrusted data from external sources.
- Ingestion points: The skill retrieves message content and chat history via
TELEGRAM_GET_UPDATESandTELEGRAM_GET_CHAT_HISTORYas described inSKILL.md. - Boundary markers: There are no documented delimiters or instructions to ignore embedded commands within the retrieved chat data.
- Capability inventory: The skill possesses significant capabilities, including sending/deleting messages, managing chat settings, and modifying bot commands.
- Sanitization: No input validation or content filtering mechanisms are specified for the data ingested from Telegram.
- [EXTERNAL_DOWNLOADS]: The skill references and requires the configuration of an external MCP server endpoint (
https://rube.app/mcp). This URL provides the necessary tool schemas and integration logic for the Rube/Composio ecosystem.
Audit Metadata