telegram-mini-app

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW (EXTERNAL_DOWNLOADS)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill includes a script tag pointing to 'https://telegram.org/js/telegram-web-app.js'. While this is the official library for Telegram Web Apps, it represents a remote dependency. Per the [TRUST-SCOPE-RULE], since the domain is the official platform provider, the finding is categorized as LOW.
  • [COMMAND_EXECUTION] (INFO): The patterns suggest the use of 'npm install @tonconnect/ui-react', which is a standard procedure for integrating TON blockchain functionality and does not involve arbitrary command execution.
  • [DATA_EXFILTRATION] (INFO): The code snippets access 'tg.initDataUnsafe', which contains user profile information. The skill demonstrates good security posture by explicitly identifying the failure to validate this data on a backend as a high-severity 'Sharp Edge' for developers.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 04:36 AM