Is edonadei/questions-form safe?
https://github.com/openclaw/skills/tree/main/skills/edonadei/questions-form
The edonadei/questions-form skill is a clean, well-specified Telegram inline-button form widget with no prompt injection vectors, no data exfiltration paths, no executable code, and no suspicious install-time behavior. The sole external network connection during install was to github.com to retrieve the skill files. All canary files were untouched by skill code, and the post-install connection state is identical to baseline. The skill does exactly what it advertises: presenting structured multi-question forms to Telegram users and collecting their answers in ephemeral conversation state.
Category Scores
Findings (3)
LOW Agent-composed content not sanitized by skill -5
The skill instructs the agent to define question text and option labels, then embeds them verbatim in Telegram messages. If a malicious agent (or a compromised agent context) composed adversarial question text, the skill would faithfully relay it. The skill itself is not the attack surface, but it could be used as a relay.
INFO Pre-install Ubuntu telemetry connections observed 0
Connections to Canonical infrastructure (91.189.91.48, 185.125.188.59) were active at audit start and completed during the observation window. These are normal Ubuntu background services (apt, snap, motd-news) and are unrelated to the skill install.
INFO Canary files accessed by audit harness (expected) 0
The six honeypot credential files were opened twice: once at audit initialization (timestamp 1771904382, before install) and once at the post-install integrity check (timestamp 1771904406). Both access patterns originate from the Oathe audit infrastructure, not from skill code.