add-telegram-swarm
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides instructions for agents to coordinate as a team and role-play as specific characters. It directs the lead agent to follow user prompts exactly when creating teams, which establishes an indirect injection surface.
- Ingestion points: User-provided prompts and group messages processed through the IPC routing logic.
- Boundary markers: No delimiters or ignore-instructions markers are defined for untrusted content passed to sub-agents.
- Capability inventory: Sub-agents have access to the `send_message` tool and Telegram API.
- Sanitization: No input validation is specified for user-provided roles or message content.
- [COMMAND_EXECUTION]: The skill requires the user or agent to execute system-level commands to rebuild containerized tools (`./container/build.sh`) and restart background services (`launchctl` or `systemctl`) to apply environment and code changes.
- [CREDENTIALS_UNSAFE]: The skill instructions involve the collection and storage of Telegram Bot API tokens in plaintext environment files (`.env` and `data/env/env`).
- [EXTERNAL_DOWNLOADS]: The implementation interacts with the official Telegram Bot API (api.telegram.org) using the Grammy library to send messages and manage bot identities.