send-file
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill provides a direct path for extracting data from the local filesystem to a remote Telegram chat via the
almaCLI tool. - Evidence: The skill's instructions tell the agent it must deliver "ANY file the user asks to see" and mentions "sharing any file path".
- Evidence: The bash commands
alma send file,alma send photo, etc., transmit the file contents to the destination specified by theALMA_CHAT_IDenvironment variable. - [COMMAND_EXECUTION]: The skill is configured to use the Bash tool to execute system commands.
- Evidence: The
allowed-toolssection explicitly includesBash, and the core functionality relies on executing thealmacommand-line interface. - [DATA_EXFILTRATION]: The skill has a high vulnerability to data exposure via user manipulation (Indirect Prompt Injection surface).
- Ingestion points: File paths are ingested directly from user prompts or generated by the agent based on user requests (e.g., SKILL.md mentions triggers like "sharing any file path").
- Boundary markers: None. There are no instructions or system constraints provided within the skill to prevent the agent from accessing sensitive locations like
~/.ssh/,.envfiles, or/etc/. - Capability inventory: The skill combines filesystem read access with network transmission capabilities via the
almatool. - Sanitization: There is no evidence of path validation or sanitization logic to ensure that only intended or safe files are transmitted.
Audit Metadata