send-media
Fail
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill hardcodes Telegram API credentials, specifically an `API_ID` (18256514) and an `API_HASH` (4b812166a74fbd4eaadf5c4c1c855926), in both the preflight check and the usage examples within `SKILL.md`. Hardcoding secrets is a security risk as they can be misused or leaked.
- [PROMPT_INJECTION]: The skill includes instructions labeled "Self-Evolving Skill" and "Post-Execution Reflection" that command the AI agent to "fix this file immediately" and update the markdown content based on its own performance. This facilitates autonomous modification of the skill's instructions, which can be exploited to achieve persistence or modify agent behavior in unauthorized ways.
- [COMMAND_EXECUTION]: The skill uses `uv run` and shell heredocs to execute arbitrary Python code and shell commands. This includes running code directly from the skill's instructions to connect to external services and manage local sessions.
- [DATA_EXFILTRATION]: The skill is designed to read files from the local filesystem and transmit them to external Telegram chats using a hardcoded chat ID (-5111414203). This capability provides a direct mechanism for sensitive data exfiltration if the agent is manipulated into sending restricted files.
- [EXTERNAL_DOWNLOADS]: The skill dynamically fetches and installs the `telethon` library from the official Python Package Index (PyPI) at runtime using the `uv run --with` flag.
Recommendations
- AI detected serious security threats
Audit Metadata