telegram-push
Fail
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with the Telegram Bot API (api.telegram.org) to send notifications and retrieve chat updates. Interaction with well-known services for the skill's primary purpose is expected and documented neutrally.
- [COMMAND_EXECUTION]: The skill relies on external local scripts (such as newsbot_send.py and news_push.py) located in the user's home directory. These scripts are not provided within the skill package, making their exact behavior unverifiable from the skill files alone.
- [REMOTE_CODE_EXECUTION]: Automated tools flagged a pattern where output from a network request is piped to python3. However, manual analysis confirms the piped content is a hardcoded, static Python snippet used solely for parsing JSON data from the Telegram API, which is a standard data-handling practice.
- [CREDENTIALS_UNSAFE]: The skill utilizes the pass utility to manage and retrieve Telegram Bot tokens. While using a dedicated password manager is a recommended security practice for secret management, it highlights that the skill requires access to sensitive credentials to function.
- [INDIRECT_PROMPT_INJECTION]: The skill provides a mechanism to ingest untrusted data from the Telegram API.
  - Ingestion points: Telegram message updates retrieved via api.telegram.org (referenced in SKILL.md).
  - Boundary markers: None provided in the command output.
  - Capability inventory: Subprocess execution (via telegram-push.sh and local Python scripts), network access (Telegram API).
  - Sanitization: None; raw JSON fields from the API are printed and processed.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.telegram.org/bot$(pass - DO NOT USE without thorough review