agent-telegram
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
agent-telegramCLI through theBashtool to perform operations such as authentication, chat listing, and message sending. - [EXTERNAL_DOWNLOADS]: The skill downloads and executes the
agent-messengerpackage from the npm registry using thebunxcommand at runtime. - [CREDENTIALS_UNSAFE]: The skill manages sensitive Telegram authentication data, including phone numbers, verification codes (used for both credential provisioning and account login), and 2FA passwords. It stores persistent session and state data in the
~/.config/agent-messenger/telegram/directory. - [PROMPT_INJECTION]: The skill reads external Telegram messages, which represents an attack surface for indirect prompt injection where malicious instructions could be embedded in messages.
- Ingestion points: Telegram messages are retrieved using the
agent-telegram message listcommand inSKILL.md. - Boundary markers: No delimiters or specific instructions to ignore embedded commands are defined for the retrieved message content.
- Capability inventory: The agent can execute various
agent-telegramcommands to send messages, search chats, and modify authentication states across ALL scripts. - Sanitization: No validation, filtering, or escaping of the external message content is mentioned in the skill instructions.
Audit Metadata