telegram-manage-contacts
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a binary located at
<skill-dir>/../telegram-skills-bin/bin/telegram. This binary is used for all core functions, including fetching Telegram IDs, adding contacts, and listing recipients. - [EXTERNAL_DOWNLOADS]: The documentation instructs the user to install the sibling skill
roziscoding/telegram-skillsviabunx skills addif the required binary is missing. This represents a dependency on another skill from the same author. - [DATA_EXPOSURE]: The skill reads and writes data to
~/.config/telegram-skills/credentials.json. While this file contains sensitive information (contact IDs and bot configuration), this access is localized and essential to the skill's primary function of managing credentials. - [INDIRECT_PROMPT_INJECTION]: The skill processes external data returned from the Telegram API during the
--get-idflow, which could theoretically be manipulated by a remote user. - Ingestion points: The
--get-idcommand outputs user data (first_name,last_name,chat_id) obtained from the Telegram network. - Boundary markers: No explicit delimiters or boundary markers are defined for the data returned by the binary.
- Capability inventory: The skill can execute local binaries and write to the configuration file in the user's home directory.
- Sanitization: There is no mention of sanitization or validation for the data returned from the Telegram API before it is handled by the agent.
Audit Metadata