telegram-list
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill accesses private communication metadata by listing Telegram DMs and groups. Although this is sensitive data exposure, it is the primary intended purpose of the skill and requires pre-authorized session access.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection. Malicious users could name Telegram groups or topics with instructions designed to manipulate the agent's logic when it parses the list. 1. Ingestion points: group and topic names retrieved via telegram_list.py. 2. Boundary markers: No markers or 'ignore' instructions are present in the output definition. 3. Capability inventory: Execution of local Python scripts for metadata listing. 4. Sanitization: No sanitization of retrieved metadata is described in the provided configuration.
Audit Metadata