telegram-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill architecture is susceptible to indirect prompt injection due to its processing of untrusted external content. Ingestion points: Data enters the agent's context through tools like TELEGRAM_GET_UPDATES and TELEGRAM_GET_CHAT_HISTORY (SKILL.md). Boundary markers: The skill instructions do not specify any delimiters or safety markers to isolate external message content from agent instructions. Capability inventory: The agent possesses capabilities to send messages and manage bot configuration, such as TELEGRAM_SET_MY_COMMANDS, which could be abused if malicious instructions are followed. Sanitization: No sanitization, escaping, or validation steps are prescribed for the ingested data before it is processed by the agent.
- [NO_CODE]: This skill consists entirely of markdown documentation and tool reference schemas; no scripts, executables, or binary files are included, which significantly reduces the risk of direct malicious code execution.
Audit Metadata