telegram-groups
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a Python script located at
$TG_TOOLS_PATH/tools/tg_groups.pyto perform Telegram management tasks. The commands are executed locally using the system's python3 interpreter with arguments provided through the command line. This is the primary intended functionality of the skill. - [INDIRECT_PROMPT_INJECTION]: The skill handles untrusted data by reading from external files (e.g.,
msg.txtfor message content,users.csvfor member lists) and by listing group members or group names from Telegram. - Ingestion points: Input files (
msg.txt,users.csv) and output from thelistandmemberscommands (SKILL.md). - Boundary markers: None explicitly defined in the instructions.
- Capability inventory: Execution of the Python management script (SKILL.md).
- Sanitization: Not explicitly mentioned; behavior depends on the implementation of the
tg_groups.pyscript and the agent's command execution environment.
Audit Metadata