telegram-check

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes Python scripts (tg_contacts.py and tg_scrape.py) from a local directory defined by the TG_TOOLS_PATH environment variable to interact with the Telegram API.
  • [DATA_EXFILTRATION]: Accesses sensitive personal communication data, including messages, usernames, and phone numbers, and provides a command to export this data to a local JSON file.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by reading untrusted message content.
    1. Ingestion points: Message content from Telegram contacts and groups (SKILL.md).
    2. Boundary markers: Absent; there are no instructions to delimit or ignore instructions within external data.
    3. Capability inventory: Capability to execute shell commands via python3.
    4. Sanitization: No sanitization or validation of message content is specified.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 02:05 PM