telegram-bot-builder
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to the ingestion and reflection of untrusted user data.
- Ingestion points: User-provided message content is ingested via 'ctx.message.text' in the text handler snippet and other interaction points like 'ctx.message.successful_payment'.
- Boundary markers: The provided code patterns do not implement delimiters or 'ignore' instructions to prevent the model from misinterpreting user content as internal instructions.
- Capability inventory: The showcased capabilities are limited to the Telegram Bot API (e.g., 'ctx.reply', 'ctx.replyWithInvoice', 'ctx.answerCbQuery'), with no access to dangerous system-level commands, file system operations, or unauthorized network requests.
- Sanitization: There is no evidence of input validation, filtering, or sanitization of user-provided data before it is used in responses.
Audit Metadata