The Agent Skills Directory

[PROMPT_INJECTION]: Detected an indirect prompt injection attack surface where untrusted data from external sources is ingested into the agent context.
Ingestion points: The skill extracts inbound Telegram messages from the last 24 hours for processing (SKILL.md).
Boundary markers: No delimiters or instructions to ignore embedded commands are specified in the documentation for handling the message content.
Capability inventory: The agent has the capability to write to local CRM CSV files and execute git commits based on the processed data.
Sanitization: No sanitization or filtering logic is documented for the incoming Telegram message content before it is passed to the classification model.
[COMMAND_EXECUTION]: The skill provides instructions for the agent to execute local scripts and standard shell utilities.
Usage of python3 telegram_inbound_agent.py and tg_auth.py for core message processing and authentication.
Usage of diagnostic commands such as grep and cat to inspect local CRM records and log files.

telegram-inbound-run