telegram
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads media files (photos, documents, etc.) from Telegram's official API servers to the local filesystem in the
~/Downloadsdirectory. - [COMMAND_EXECUTION]: Scripts use Nix shebangs to automatically manage the execution environment, downloading and installing the
pytelegrambotapiandrequestslibraries from the Nix package registry at runtime. - [INDIRECT_PROMPT_INJECTION]: The script
check_messages.pyretrieves message text and captions from external users via the Telegram API, which represents an ingestion point for untrusted data. - Ingestion points:
scripts/check_messages.pypolls the Telegram Bot API for new messages. - Boundary markers: Absent; the script prints raw message content directly to the console output.
- Capability inventory: The skill possesses the capability to read local files and transmit data to remote Telegram chats via
scripts/send_message.py. - Sanitization: No specific sanitization or filtering is performed on the incoming message text.
Audit Metadata