telegram-mini-app

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard and trusted external resources including the official Telegram Web App script (https://telegram.org/js/telegram-web-app.js) and the @tonconnect/ui-react npm package. These are appropriate for the skill's stated purpose.
  • [DATA_EXFILTRATION] (SAFE): No hardcoded secrets or unauthorized data transmission patterns were found. Code examples use placeholders like your-app.com and empty strings for tokens.
  • [PROMPT_INJECTION] (SAFE): No malicious instructions or bypass attempts were detected in the skill text or metadata.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill handles untrusted data from the Telegram environment (e.g., user.first_name). While this is a potential attack surface, the provided React examples utilize safe interpolation, and the documentation explicitly warns users to validate initData on the backend.
  • [COMMAND_EXECUTION] (SAFE): No dangerous shell commands or unauthorized process executions were identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:00 PM