telegram-polling
Warn
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The file upload handler generates a task description that instructs the agent to use the Bash tool to execute curl and python commands. These commands are constructed by interpolating external file paths and environment variables into the shell string, which presents a risk of command injection if the input is not perfectly sanitized.
- [DATA_EXFILTRATION]: The /logs and /memory commands allow authorized Telegram users to retrieve content from internal system files, specifically session-gap-log.jsonl and learnings.md. This mechanism can be used to export sensitive project history or previous agent learnings to an external platform.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by ingesting untrusted text and file content from Telegram and passing it to sub-agents. While it uses <untrusted_telegram_*> delimiters and explicit instructions to mitigate risks, the agent's behavior could still be influenced by malicious content embedded in user messages or uploaded files.
- [EXTERNAL_DOWNLOADS]: The skill downloads user-provided files from the Telegram Bot API (api.telegram.org). While this is a well-known service, the skill initiates these downloads based on external triggers.
Audit Metadata