bot-developer
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to build systems that ingest untrusted data from external chat platforms.
  - Ingestion points: Untrusted data enters via `message.content` in `references/moderation-system.md` (AutoMod) and via `Update.de_json(data)` in `references/platform-templates.md` (Telegram webhook).
  - Boundary markers: Code snippets lack explicit boundary markers or delimiters when interpolating user-provided chat strings into logic flows.
  - Capability inventory: The skill requests high-privilege tools including `Bash`, `Write`, `Edit`, and `WebFetch` to manage bot infrastructure.
  - Sanitization: While the documentation provides a security checklist recommending input sanitization, the provided implementation snippets (e.g., the fuzzy-matching word filter) are susceptible to adversarial inputs designed to bypass filters and potentially influence an agent monitoring the bot's logs.
- Command Execution (LOW): The skill requests the `Bash` tool. While no malicious shell scripts are found, the combination of bash access and external data ingestion increases the overall attack surface.
- Credentials Unsafe (INFO): Hardcoded placeholder credentials (`postgresql://user:pass@localhost/botdb`) are present in `references/platform-templates.md` for demonstration purposes.
Audit Metadata