telegram-bot-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_SAFE] (SAFE): The skill specifically includes a validation file (
references/validations.md) that identifies hardcoded Telegram Bot tokens as a high-severity security risk. It provides patterns for the agent to detect these tokens in user code and instructs the user to move them to environment variables. - [EXTERNAL_DOWNLOADS] (SAFE): References standard and reputable libraries for Telegram bot development, including
telegraf,grammY,python-telegram-bot, andaiogram. No suspicious or unknown third-party dependencies are requested. - [COMMAND_EXECUTION] (SAFE): Code snippets provided are typical for bot development (e.g., setting up an Express server or using Docker for deployment). There are no commands that attempt to execute arbitrary shell scripts or perform unauthorized system modifications.
- [DATA_EXFILTRATION] (SAFE): No sensitive file paths (e.g., SSH keys, AWS credentials) are accessed. Network operations are appropriately scoped to the official Telegram API (
api.telegram.org). - [PROMPT_INJECTION] (SAFE): The instructions are clear and focused on the technical domain of bot architecture. There are no attempts to bypass safety filters, extract system prompts, or use 'ignore previous instructions' patterns.
Audit Metadata