telegram-automation
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external Model Context Protocol (MCP) server located at 'https://rube.app/mcp'. This server acts as the intermediary for all Telegram operations and is not associated with a known trusted vendor or the skill author.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection due to the nature of Telegram automation.
- Ingestion points: The skill retrieves untrusted data from external sources via tools like
TELEGRAM_GET_UPDATESandTELEGRAM_GET_CHAT_HISTORY(file: SKILL.md). - Boundary markers: There are no instructions provided to the agent to use delimiters or ignore potential commands embedded within the retrieved Telegram messages.
- Capability inventory: The skill possesses significant capabilities, including sending messages, uploading documents, and managing chat administrative settings across multiple
TELEGRAM_*tools (file: SKILL.md). - Sanitization: There is no evidence of sanitization or validation for content received from the Telegram API before it is added to the agent's context.
Audit Metadata