telegram
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from Telegram messages which are then used to enrich the prompt for an AI session.
- Ingestion points: Inbound messages handled in packages/gateway/src/channels/telegram.ts.
- Boundary markers: No explicit markers specified for delimiting user input within the prompt context.
- Capability inventory: The agent can send messages, reactions, and media, and execute system commands like /kill.
- Sanitization: No explicit sanitization of incoming text is described prior to prompt interpolation.
- [COMMAND_EXECUTION]: The skill implements commands that interact with host system processes.
- Evidence: The /kill command is documented to disable a launchd service and terminate the process.
- Evidence: Troubleshooting guidelines suggest manual execution of system utilities such as ps, grep, and cat.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the downloading of remote content from a well-known service.
- Evidence: Incoming media files are downloaded from Telegram's servers via the Bot API.
- Evidence: Files are saved to /tmp/joelclaw-media/ using UUID-based filenames to prevent path traversal.
Audit Metadata