telegram-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted input via tools like TELEGRAM_GET_UPDATES and TELEGRAM_GET_CHAT_HISTORY. This creates a vulnerability where malicious instructions in received messages could influence the agent's actions. 1. Ingestion points: TELEGRAM_GET_UPDATES and TELEGRAM_GET_CHAT_HISTORY. 2. Boundary markers: Absent. 3. Capability inventory: Message sending, chat management, and bot command configuration. 4. Sanitization: Absent.
- External Resource Reference (LOW): The setup guide instructs users to configure an external MCP server at https://rube.app/mcp. Since this domain is not within the pre-approved trusted organizations list, users should verify the provider before use.
Audit Metadata