telegram-notify
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute a binary located at sibling path
<skill-dir>/../telegram-skills-bin/bin/telegram. This binary is used to transmit message content passed via standard input. - [EXTERNAL_DOWNLOADS]: The setup instructions reference a sibling repository (
roziscoding/telegram-skills) that the user is expected to install to provide the necessary binaries. This is a vendor-owned resource. - [PROMPT_INJECTION]: The skill processes untrusted data from standard input (the message body) without explicit boundary markers or sanitization before sending it to the Telegram API. This creates an indirect prompt injection surface. Evidence: 1. Ingestion points: Message text read from stdin in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Executes a binary that performs network operations. 4. Sanitization: Absent.
Audit Metadata