skills/glebis/claude-skills/telegram/Gen Agent Trust Hub

telegram

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • DATA_EXFILTRATION (MEDIUM): The script reads sensitive files including .env and SQLite databases from hardcoded absolute paths (e.g., /Users/server/ai_projects/telegram_agent/.env). This behavior is a security concern as it targets specific environment locations for potentially sensitive data.
  • CREDENTIALS_UNSAFE (LOW): The script contains a hardcoded Telegram Chat ID (161427550). While not a private key, hardcoding target identifiers is poor security practice for reusable skills.
  • EXTERNAL_DOWNLOADS (LOW): The skill depends on external Python packages python-dotenv and python-telegram-bot.
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface: The skill renders HTML tags in the message text if detected. If the input text is derived from untrusted sources, an attacker could inject deceptive links or formatting. Evidence:
      1. Ingestion: args.text via command line
      2. Boundary markers: None
      3. Capability inventory: bot.send_message network operation
      4. Sanitization: Conditional html.escape that is bypassed if HTML-like tags are found.
  • COMMAND_EXECUTION (SAFE): Database lookups use parameterized SQL queries, which prevents SQL injection attacks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:07 PM