Skills
skills/devxoul/agent-messenger/agent-telegrambot/Gen Agent Trust Hub

agent-telegrambot

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute agent-telegrambot commands, facilitating interactions with the Telegram Bot API.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external Telegram chats.
  • Ingestion points: Data enters the agent context through the chat info, chat member, and message send commands which retrieve metadata and content from the Telegram API.
  • Boundary markers: The skill lacks explicit delimiters or instructions to treat data received from the Telegram API as untrusted, which could lead to the agent following instructions embedded in chat names or messages.
  • Capability inventory: The skill is authorized to perform shell execution via the Bash tool.
  • Sanitization: There is no evidence of sanitization or validation of the external content returned by the Telegram Bot API before it is presented to the agent.
  • [DATA_EXPOSURE]: The skill manages sensitive Telegram Bot tokens and chat histories, storing them in the ~/.config/agent-messenger/ directory. While this is standard for CLI tools, it represents a data exposure surface if the environment is compromised.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 02:08 AM