telegram-automation
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to configure a third-party MCP server endpoint at
https://rube.app/mcp. This connection is required for the skill to interact with the Telegram API through the Rube/Composio toolkit. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from external Telegram chats.
- Ingestion points: Untrusted content enters the agent's context through tools like
TELEGRAM_GET_UPDATESandTELEGRAM_GET_CHAT_HISTORYas described inSKILL.md. - Boundary markers: There are no explicit instructions or delimiters defined to help the agent distinguish between message data and operational instructions.
- Capability inventory: The skill possesses the ability to send messages, delete content, and modify bot commands via tools such as
TELEGRAM_SEND_MESSAGE,TELEGRAM_DELETE_MESSAGE, andTELEGRAM_SET_MY_COMMANDS. - Sanitization: The skill does not mention any sanitization, filtering, or validation steps for content retrieved from chat history or updates before the agent acts upon it.
Audit Metadata