telegram-channel-parser

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/posting_schedule.sh constructs and executes a shell command using data directly parsed from an external website. It interpolates the datetime attribute from Telegram posts into a date -d command without sufficient sanitization, creating a potential command injection vector if the external source is compromised or provides malformed data.
  • [COMMAND_EXECUTION]: The scripts/common.sh script uses the eval command on variables derived from the local .env configuration file. Additionally, the load_config function sources the configuration file directly (. "$CONFIG_FILE"), which executes its contents as a shell script, posing a risk if the configuration file is modified by an untrusted source.
  • [PROMPT_INJECTION]: The React artifact template assets/digest-feed.tsx uses dangerouslySetInnerHTML to render content from Telegram posts. While the AWK parser in scripts/parse_tg_posts.awk attempts to remove some HTML tags and the style attribute, it does not apply a robust allowlist or strip event-handler attributes (such as onclick or onerror). This leaves a surface for indirect prompt injection or XSS within the agent's UI environment.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from public Telegram channels and processes it to create digests and analytics without implementing boundary markers or explicit instructions to the agent to ignore any embedded directives within the channel content (Category 8 surface).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 05:39 AM