skills/datadrivenconstruction/ddc_skills_for_ai_agents_in_construction/telegram-field-bot/Gen Agent Trust Hub
telegram-field-bot
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill's report aggregation function in SKILL.md presents a surface for indirect prompt injection by embedding raw user data into LLM prompts. -- Ingestion points: Text and captions from Telegram messages enter the system via the bot API. -- Boundary markers: The prompt template used for summarization lacks delimiters or instructions to ignore embedded commands. -- Capability inventory: The implementation code includes filesystem write operations and network POST requests. -- Sanitization: No sanitization of user data is performed before LLM processing.
- [DATA_EXFILTRATION]: The skill code includes patterns for downloading media to the local filesystem and transmitting data to external webhooks.
Audit Metadata