telegram-polling
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Findings reviewed: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes untrusted data from Telegram messages. However, it implements significant mitigations.
  - Ingestion points: Incoming Telegram message text and file uploads are processed and passed to subagents in `SKILL.md`.
  - Boundary markers: The skill explicitly isolates user-provided content using `<untrusted_telegram_question>`, `<untrusted_telegram_description>`, and `<untrusted_file_content>` tags.
  - Capability inventory: The skill utilizes `TaskCreate` and `TaskUpdate` for agent coordination and `Bash` for network operations and script execution.
  - Sanitization: It includes instructions for agents to treat input as data only, performs HTML escaping for filenames, and enforces file extension allowlists and size limits.
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to perform necessary operations for bot functionality.
  - It executes `curl` commands to download user-uploaded files from Telegram's official API servers.
  - It invokes a local Python script (`markitdown-convert.py`) to process downloaded files.
- [EXTERNAL_DOWNLOADS]: The skill downloads content from well-known and official Telegram domains.
  - It fetches updates from `api.telegram.org` and downloads files from Telegram's file hosting service.
- [DATA_EXFILTRATION]: The skill communicates with the Telegram API to send messages and deliver agent responses.
  - It correctly uses environment variables (e.g., `TELEGRAM_BOT_TOKEN`) for authentication, instructing users to manage these via a `.env` file to avoid hardcoding secrets.
Audit Metadata