telegram-send
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive local file paths to manage authentication, including the Telegram session file at `$SALES_PATH/telegram/sessions/telegram_session.session` and environment variables in `$SALES_PATH/.env`. These files contain credentials and session tokens required for the skill's primary function.
- [COMMAND_EXECUTION]: The skill invokes local Python scripts, specifically `$TG_TOOLS_PATH/tools/tg_send.py`, to process data and interact with the Telegram API.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted external data.
  - Ingestion points: Data enters the agent context via CSV files (e.g., `contacts.csv`) provided as input to the sending tool.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands within the CSV data are present in the skill definition.
  - Capability inventory: The skill can execute local Python scripts and perform network operations via the Telegram API to send messages to external recipients.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the content provided in the CSV fields before it is interpolated into message templates.