telegram-bot-builder

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface in the provided bot implementation examples.
    • Ingestion points: User-provided text is ingested via ctx.message.text in sub-skills/basic-telegraf-setup.md.
    • Boundary markers: Example snippets do not implement delimiters or instructions to ignore potential commands within user input.
    • Capability inventory: The bot logic includes replying to messages and processing payments.
    • Sanitization: Input validation or sanitization is absent in the basic setup examples.
  • [SAFE]: The skill follows security best practices for secret management by utilizing environment variables for bot and payment tokens instead of hardcoding credentials.
  • [SAFE]: All library references and stack recommendations target established and trusted open-source packages within the Telegram development ecosystem.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 07:34 AM