telegram-crabbox-e2e-proof

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads a TDLib binary archive from a remote URL (http://artifacts.openclaw.ai/tdlib-v1.8.0-linux-x64.tgz) to initialize the Telegram automation environment.
  • [COMMAND_EXECUTION]: Instructs the agent to execute arbitrary shell commands inside the Crabbox environment via bash -lc, which is a high-risk pattern that could be used for unauthorized system access.
  • [DATA_EXFILTRATION]: Includes a publish command that automates the uploading of session artifacts, such as screenshots and logs, to public GitHub Pull Requests, posing a risk of accidental sensitive data exposure.
  • [PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection as it processes and interprets untrusted data from Telegram chat transcripts.
      • Ingestion points: Processes external, untrusted content through user-driver.py transcript and visual monitoring of the Telegram Desktop client.
      • Boundary markers: Lacks explicit delimiters or system instructions to ignore potential commands embedded within the Telegram messages being reviewed.
      • Capability inventory: The skill is granted extensive capabilities, including arbitrary shell execution, file system operations, and network publication.
      • Sanitization: No evidence of sanitization or content validation is provided for the messages before they are ingested into the agent context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 05:57 PM
Security Audit — agent-trust-hub — telegram-crabbox-e2e-proof