add-telegram-swarm

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill introduces new instructions to the agent's environment via CLAUDE.md files. These instructions define how the lead agent should create and coordinate subagents, including specific message formatting and tool usage constraints. While functional, these act as persistent behavioral overrides.
  • [COMMAND_EXECUTION]: The implementation process requires the agent to modify multiple source files (src/config.ts, src/telegram.ts, src/ipc.ts, etc.) and execute build/restart commands (npm run build, ./container/build.sh, launchctl). These actions modify the host environment and application logic.
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface detected in the Agent Swarm logic.
      ◦ Ingestion points: The sender and text parameters in the send_message tool within container/agent-runner/src/ipc-mcp-stdio.ts ingest data generated by subagents.
      ◦ Boundary markers: Instructions in CLAUDE.md advise agents on usage, but no programmatic sanitization or delimiters are applied to the sender field before processing.
      ◦ Capability inventory: The ingested sender string is passed directly to the Telegram setMyName API call to rename a bot, and the text is sent via sendMessage.
      ◦ Sanitization: There is no evidence of input validation or escaping for the sender parameter before it is used in the setMyName function in src/telegram.ts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 07:39 AM