telegram-bot-grammy
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions were found that attempt to override agent behavior, bypass safety filters, or extract system prompts.
- Data Exposure & Exfiltration (SAFE): Sensitive information, specifically the Telegram Bot Token, is correctly handled via Cloudflare Worker secrets rather than being hardcoded. The skill only handles standard user metadata (Telegram IDs, names) necessary for bot functionality.
- Obfuscation (SAFE): All source code and configuration files are written in clear, human-readable text. No Base64, zero-width characters, or homoglyphs were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The project uses standard, well-known packages from the npm registry (grammy, drizzle-orm, wrangler). No piped remote script execution patterns (e.g., curl|bash) were found.
- Privilege Escalation (SAFE): No commands or configurations that attempt to escalate privileges (e.g., sudo, chmod 777) were identified.
- Persistence Mechanisms (SAFE): The skill uses a Cloudflare D1 database for standard application state persistence. No malicious persistence mechanisms such as cron job manipulation or shell profile modifications were detected.
- Metadata Poisoning (SAFE): Skill metadata (name, description, author) is accurate and does not contain deceptive instructions.
- Indirect Prompt Injection (SAFE): While the bot ingests data from external Telegram webhooks, it does not process this untrusted input through an LLM in the provided boilerplate, and database interactions are sanitized via Drizzle ORM.
- Time-Delayed / Conditional Attacks (SAFE): No logic gating dangerous operations behind date, time, or environment checks was found.
- Dynamic Execution (SAFE): No runtime code generation or unsafe deserialization patterns (e.g., eval, exec) were detected in the source code.
Audit Metadata