telegram-manage-contacts

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a binary located at <skill-dir>/../telegram-skills-bin/bin/telegram. This binary is used for all core functions, including fetching Telegram IDs, adding contacts, and listing recipients.
  • [EXTERNAL_DOWNLOADS]: The documentation instructs the user to install the sibling skill roziscoding/telegram-skills via bunx skills add if the required binary is missing. This represents a dependency on another skill from the same author.
  • [DATA_EXPOSURE]: The skill reads and writes data to ~/.config/telegram-skills/credentials.json. While this file contains sensitive information (contact IDs and bot configuration), this access is localized and essential to the skill's primary function of managing credentials.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data returned from the Telegram API during the --get-id flow, which could theoretically be manipulated by a remote user.
  • Ingestion points: The --get-id command outputs user data (first_name, last_name, chat_id) obtained from the Telegram network.
  • Boundary markers: No explicit delimiters or boundary markers are defined for the data returned by the binary.
  • Capability inventory: The skill can execute local binaries and write to the configuration file in the user's home directory.
  • Sanitization: There is no mention of sanitization or validation for the data returned from the Telegram API before it is handled by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 06:05 PM
Security Audit — agent-trust-hub — telegram-manage-contacts