bot-channel-task

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified where external input could influence agent behavior.
      • Ingestion points: Processes data received via external messaging channels (e.g., Telegram) as described in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the ingested channel data are provided.
      • Capability inventory: The skill can launch background subagents using the Agent tool, execute internal job management commands (/bot-jobs), and send replies to the messaging channel.
      • Sanitization: No evidence of sanitization, validation, or filtering of the external message content before processing.
  • [COMMAND_EXECUTION]: The skill interprets natural language user intent to invoke internal system subcommands (/bot-jobs add, /bot-jobs list, /bot-jobs pause) for managing scheduled tasks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 10, 2026, 07:55 PM