telegram
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes messages from the Telegram Bot API.
- Ingestion points: The
readandaskcommands inscripts/telegram.shingest untrusted text from the Telegram API using thegetUpdatesmethod. - Boundary markers: The retrieved content is printed to the agent's context without formal delimiters, which could lead to instruction confusion if a user sends malicious text.
- Capability inventory: The skill possesses the ability to read arbitrary files from the filesystem via the
filecommand and perform network requests to the Telegram API. - Sanitization: The skill mitigates unauthorized injection by verifying the source chat ID against a whitelist of authorized IDs (
TELEGRAM_CHAT_IDandTARGET_*) configured by the user during setup. - [SAFE]: The skill implements strong credential protection by creating its configuration directory and files with restricted permissions (
umask 077andchmod 600), ensuring the bot token remains private to the owner. - [SAFE]: All network operations are directed to the official Telegram API domain (
api.telegram.org), a well-known service, and no external code is downloaded or executed.
Audit Metadata