telegram-automation

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection because it retrieves and processes untrusted data from external Telegram chats.
      • Ingestion points: The tools TELEGRAM_GET_UPDATES and TELEGRAM_GET_CHAT_HISTORY allow the agent to read arbitrary text from Telegram users.
      • Boundary markers: Absent. The instructions do not provide delimiters or warnings to the agent to ignore instructions embedded within the message data.
      • Capability inventory: The skill possesses significant capabilities, including TELEGRAM_SEND_MESSAGE, TELEGRAM_DELETE_MESSAGE, and TELEGRAM_SET_MY_COMMANDS, which could be abused if an attacker triggers the agent via a sent message.
      • Sanitization: Absent. There is no mention of validating or escaping message content before processing.
  • External Downloads (LOW): The setup instructions require adding a remote MCP server (https://rube.app/mcp). While this is the intended mechanism for the skill, it creates a dependency on an external, non-whitelisted infrastructure provider.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 08:18 AM