configure-telegram
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM COMMAND_EXECUTION CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): Shell scripts in Steps 4, 7, and 8 interpolate user-provided bot tokens and chat IDs directly into command strings (e.g., curl -s "https://api.telegram.org/bot${BOT_TOKEN}/getUpdates"). If the agent populates these variables with unsanitized input containing shell metacharacters like ;, &, or $(), it could lead to arbitrary code execution on the host system.
- [CREDENTIALS_UNSAFE] (LOW): The skill collects and stores a Telegram Bot Token in plaintext in ~/.codex/.omx-config.json. While necessary for functionality, plaintext storage of API tokens increases the risk of credential theft if the user's home directory is accessed by other processes.
- [PROMPT_INJECTION] (LOW): The skill possesses an indirect injection surface in Step 4, where it fetches data from the Telegram API via curl ... /getUpdates. An attacker could send a message to the bot containing malicious payloads. Although processed by jq, the resulting data is subsequently used in a shell script (Step 8), creating a path for untrusted external data to influence command-line arguments.
- [DATA_EXFILTRATION] (INFO): The skill transmits the bot token to api.telegram.org. This is documented behavior required to facilitate Telegram integration and is not considered malicious in this context.