telegram-init
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure] (LOW): The skill handles sensitive information including Telegram API IDs, hashes, and session strings. It instructs users to store these in a
.envfile, which is a common but sensitive storage practice for credentials. - [Command Execution] (LOW): The documentation lists commands for executing local Python scripts (
generate_session.pyandtelegram_init.py). These are standard initialization routines for the described functionality. - [Indirect Prompt Injection] (LOW): The skill ingests data from the Telegram API, such as group names and channel titles. As untrusted external data, this represents a potential surface for indirect injection if displayed or processed by the agent without proper boundary markers, though no active exploitation is present.
Audit Metadata