send-file

Fail

Audited by Socket on Feb 28, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The skill documentation defines a powerful file-exfiltration channel: an agent with Bash and file-read access can send arbitrary files to remote Telegram chats via the alma CLI. The document itself is not malicious code, but it lacks critical safeguards (confirmation, path restrictions, provenance of alma, logging/auditing) and thus poses a moderate-to-high security risk for data leakage in typical agent environments.

Mitigations: require explicit per-file user confirmation for sensitive locations, implement path whitelists/blacklists (deny ~/.ssh, ~/.aws, /etc), enforce interactive prompts when ALMA_CHAT_ID is present, validate and disclose alma CLI provenance and network endpoints, restrict Bash tool scope or sandbox file access, and add audit logging for all sends.

Confidence: 98%
Audit Metadata
Analyzed At: Feb 28, 2026, 09:33 AM
Package URL: pkg:socket/skills-sh/ninehills%2Fskills%2Fsend-file%2F@b670f1852050c4521863cc9e922b810b575ccef4