skills/sanjay3290/ai-skills/telegram/Gen Agent Trust Hub

telegram

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes messages from the Telegram Bot API.
  • Ingestion points: The read and ask commands in scripts/telegram.sh ingest untrusted text from the Telegram API using the getUpdates method.
  • Boundary markers: The retrieved content is printed to the agent's context without formal delimiters, which could lead to instruction confusion if a user sends malicious text.
  • Capability inventory: The skill possesses the ability to read arbitrary files from the filesystem via the file command and perform network requests to the Telegram API.
  • Sanitization: The skill mitigates unauthorized injection by verifying the source chat ID against a whitelist of authorized IDs (TELEGRAM_CHAT_ID and TARGET_*) configured by the user during setup.
  • [SAFE]: The skill implements strong credential protection by creating its configuration directory and files with restricted permissions (umask 077 and chmod 600), ensuring the bot token remains private to the owner.
  • [SAFE]: All network operations are directed to the official Telegram API domain (api.telegram.org), a well-known service, and no external code is downloaded or executed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 12:03 AM
Security Audit — agent-trust-hub — telegram