telegram-polling

SUSPICIOUS. The core Telegram integration is coherent and uses official Telegram endpoints, but the skill’s footprint goes beyond simple polling: it permits remote agent task creation/control and processes untrusted Telegram files/messages through agent workflows with Bash/Python execution. Security controls are substantial and purposeful, so this is not malicious, but it is a medium-high risk infrastructure skill due to autonomous task control and prompt-injection exposure.