Telegram Messaging
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill manages authentication through standard environment variables (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID), avoiding hardcoded secrets within the skill files.- [SAFE]: Data transmission to the external Telegram API is described as using jq for safe JSON encoding, which mitigates risks associated with malformed data or simple injection attempts.- [SAFE]: The skill implements an opt-in design for automatic notifications, requiring the existence of a specific local configuration file (.claude/telegram.local.md) with an explicit enable flag.- [SAFE]: The provided documentation and example files do not contain any obfuscated code, prompt injection attempts, or unauthorized persistence mechanisms.
Audit Metadata