telegram-bot
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a technical reference and does not include executable malicious code or requests to untrusted domains.
- [SAFE]: Sensitive data such as API tokens are handled using clear placeholders (e.g., '{TOKEN}' or '123456:ABC-DEF...'), preventing accidental exposure of real credentials.
- [SAFE]: External communication is limited to the official Telegram Bot API (api.telegram.org), which is recognized as a well-known and trusted service.
- [SAFE]: Analysis of indirect prompt injection surfaces: Ingestion points include user message text and files; boundary markers and sanitization are absent in the examples; capabilities include message and file handling via Telegram tools. This configuration is inherent to the skill's primary purpose of building AI-powered bots and does not elevate the security risk.
Audit Metadata