telegram-mini-app
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill references the official Telegram Web App script (https://telegram.org/js/telegram-web-app.js) and the standard @tonconnect/ui-react package for blockchain integration. These are trusted sources for the stated purpose.
- DATA_EXPOSURE (SAFE): While the code accesses user data (tg.initDataUnsafe), it does so via the official API for UI personalization. The 'Sharp Edges' section correctly identifies that failure to validate this data on the server is a high-severity security risk, demonstrating safety awareness.
- REMOTE_CODE_EXECUTION (SAFE): No patterns for arbitrary command execution or untrusted remote code execution were found. The use of transaction objects for TON payments follows standard Web3 protocols.
- PROMPT_INJECTION (SAFE): No instructions attempting to bypass safety filters or override agent behavior were detected.