afk-claude-telegram-bridge
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [OBFUSCATION]: The skill distribution includes minified JavaScript files (`dist/hook.js`, `dist/bridge.js`, `dist/cli.js`). Although the source TypeScript files are provided in the `src/` directory, the use of minified code in an AI agent extension is generally discouraged as it obscures the actual runtime logic.
- [REMOTE_CODE_EXECUTION]: The installation process (documented in `README.md` and `SKILL.md`) involves piping a remote shell script from GitHub directly to bash (`curl -fsSL ... | bash`). While this script originates from the author's own repository, it represents a high-risk execution pattern.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). Evidence chain:
  1. Ingestion points: Data is ingested from the Telegram API via `pollTelegram` in `src/services/telegram-poller.ts`.
  2. Boundary markers: None; incoming messages are treated directly as user instructions.
  3. Capability inventory: The skill has the capability to write to the filesystem (`src/services/ipc.ts`), spawn processes (`src/services/daemon-launcher.ts`), and trigger shell commands through the agent's own tools.
  4. Sanitization: None; messages are used as-is.

  This vulnerability allows any user with access to the configured Telegram group to execute arbitrary commands on the host system via the agent.
- [COMMAND_EXECUTION]: The skill's primary purpose is to enable remote command execution. It spawns a background daemon process and facilitates the injection of external instructions into the Claude Code environment.
- [DATA_EXFILTRATION]: The skill intentionally transmits data, including agent output and tool call descriptions, to an external service (Telegram) via the `api.telegram.org` endpoint.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/gmotyl/afk-claude-telegram-bridge/main/install.sh - DO NOT USE without thorough review
Audit Metadata