jobsearch-telegram

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from Telegram messages, creating a surface for indirect prompt injection.
      1. Ingestion points: Incoming messages from the Telegram Bot API (SKILL.md).
      2. Boundary markers: No explicit markers or delimiters are used for message text.
      3. Capability inventory: Execution of shell commands (curl, jq), browser automation (mcp__claude-in-chrome), and file system access.
      4. Sanitization: Requires manual user confirmation via Telegram for both field mapping and final submission.
  • [COMMAND_EXECUTION]: Uses the Bash tool to execute curl and jq for processing Telegram API requests and responses.
  • [EXTERNAL_DOWNLOADS]: Interacts with the Telegram API (api.telegram.org) to poll for updates and send automated notifications.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 20, 2026, 04:18 PM