telegram-bot-management
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- Persistence Mechanisms (MEDIUM): The skill configures launchd services to ensure the bot auto-starts on login and auto-restarts on failure. While this is the intended purpose for bot management, it establishes a persistent presence on the host system.
- Command Execution (MEDIUM): The skill executes multiple shell scripts (bot-service.sh, run-bot-prod-watchexec.sh) and relies on chmod +x for installation. Execution is wrapped through doppler, uv, and python3.
- Privilege Escalation (LOW): Uses launchctl and chmod to manage system services and file permissions. Commands are targeted at user-level agents but manipulate macOS service managers.
- Indirect Prompt Injection (LOW): As a Telegram bot management skill, the underlying bot processes external messages which could contain malicious instructions. Evidence Chain: 1. Ingestion points: Telegram message stream processed by multi-workspace-bot.py. 2. Boundary markers: Absent from documentation. 3. Capability inventory: Subprocess calls for status, logs, and restarts; file writes for PIDs. 4. Sanitization: None documented in the management layer.
Audit Metadata