messaging
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the
aitercommand-line interface to manage communication channels, routes, and message delivery. - [DATA_EXFILTRATION]: By design, the skill provides functionality to send data to external endpoints including Telegram APIs, Slack webhooks, and custom user-defined URLs.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from external IM users.
- Ingestion points: Incoming messages from Telegram and other IM channels are captured and stored in the
$AITER_REPLY_CONTEXTenvironment variable. - Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions when passing user content to the agent.
- Capability inventory: The skill allows the agent to search
.aiter/memory/knowledge.md, run terminal commands, and log interactions in.aiter/memory/journal.mdbased on incoming messages. - Sanitization: There is no evidence of input validation or sanitization for messages received via the IM gateway before they are processed by the agent.
Audit Metadata