telegram

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: In scripts/tg_fetch_voice.py, subprocess.run is used to invoke ffmpeg. This implementation is secure as it uses a list of arguments and system-generated file paths, avoiding shell injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill includes a dedicated scripts/sanitizer.py module. This module strips control characters and escapes markdown symbols from Telegram messages, effectively mitigating indirect prompt injection risks before the data reaches the AI agent.
  • [CREDENTIALS_UNSAFE]: The skill follows secure credential management patterns, utilizing environment variables for API keys and providing clear guidance on protecting the sensitive session file.
  • [EXTERNAL_DOWNLOADS]: Media is fetched exclusively from official Telegram servers. No suspicious or unverified third-party downloads were identified during analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 09:57 PM