Hardening · Telegram · groups
Telegram groups: mention-only by default
Group chats are untrusted input at scale. If your bot is always-on in a group, you are asking for prompt injection and abuse.
Checklist
1
Enable mention-only
Require @mention to trigger responses.
2
Limit tool permissions
Even with mention-only, assume a malicious prompt can land.
3
Audit via logs
Verify which message triggered which action.
Why this matters
Untrusted input
Any group member can attempt to manipulate behavior.
High blast radius
One bad prompt + too-permissive tools can do damage.
Noise & leakage
Always-on bots invite accidental data exposure.