Telegram Compose

The skill contains a critical shell injection vulnerability in `SKILL.md`. The `$ACCOUNT` variable, which is provided by the caller, is directly interpolated into a `jq` command (`jq -r ".channels.telegram.accounts.$ACCOUNT.botToken" "$CONFIG"`) without sanitization. This allows for arbitrary command execution if a malicious string is passed as `$ACCOUNT` (e.g., `foo"; rm -rf / #`). While the skill's instructions aim for secure usage and there's no evidence of intentional malicious behavior like unauthorized data exfiltration or persistence, this RCE vulnerability makes the skill highly risky.