The Agent Skills Directory

[COMMAND_EXECUTION]: The skill makes extensive use of shell commands through the Bash tool to perform system diagnostics and remediation. This includes process management (pgrep, pkill), file system operations (rm -f /tmp/kokoro-tts.lock), and running local services (bun --watch run src/main.ts).
[PROMPT_INJECTION]: The skill includes 'Self-Evolving' instructions and a 'Post-Execution Reflection' section that direct the agent to autonomously modify its own SKILL.md file and associated reference documentation. This self-modification capability can be exploited to permanently alter the agent's behavior if it is tricked into writing malicious instructions.
[DATA_EXFILTRATION]: The skill accesses and reads application logs (/private/tmp/telegram-bot.log) and audit trails (~/.claude/automation/claude-telegram-sync/logs/audit/*.ndjson). These files contain history and metadata of bot interactions which may include sensitive user data or system information.
[PROMPT_INJECTION]: There is a risk of Indirect Prompt Injection because the skill ingests untrusted data from Telegram bot logs and audit logs during its diagnostic phases. When combined with the instructions to 'self-evolve' by modifying its own code, an attacker could potentially influence the agent to rewrite its instructions by placing malicious payloads in the logs.
Ingestion points: ~/.claude/automation/claude-telegram-sync/logs/audit/*.ndjson and /private/tmp/telegram-bot.log (Phase 2, Phase 6).
Boundary markers: None are specified for the log parsing logic.
Capability inventory: Bash and Read tools are available to all files, including the skill's own source code.
Sanitization: No sanitization or validation is described before using log data to inform skill updates.
[EXTERNAL_DOWNLOADS]: The skill performs a network connectivity check to https://api.telegram.org/, which is a well-known service. It also references an installation script (kokoro-install.sh) used for environment setup and upgrades.

diagnostic-issue-resolver