telegram-cli
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The script
telegram-cli.pycontains a hardcoded TelegramAPI_ID(1993898) andAPI_HASH(59d1e009d7ecb0c0a7224af3f461bb2e) as default values. While these are common generic values used in public Telegram clients, they are sensitive application credentials. - [DATA_EXFILTRATION]: The skill accesses and manipulates the Telegram session database file (
session.dat.session) located in~/.config/telethon/. This file contains highly sensitive authentication keys that grant full access to the user's Telegram account. - Evidence: The function
_ensure_session_schemaintelegram-cli.pyperforms raw SQL operations (ALTER TABLE,DROP TABLE,CREATE TABLE) on the session database to manage schema migrations. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads raw message content from external Telegram users and bots into the agent's context.
- Ingestion points:
cmd_readandcmd_askintelegram-cli.pyfetch message history and new replies from Telegram chats. - Boundary markers: The script does not wrap the retrieved message content in delimiters or provide warnings to the agent to ignore embedded instructions.
- Capability inventory: The skill allows the agent to send messages, send arbitrary files from the local filesystem, and download voice messages to a local directory.
- Sanitization: There is no filtering or sanitization of the retrieved message content before it is displayed to the agent.
- [COMMAND_EXECUTION]: The skill's primary functionality relies on executing a bundled Python script (
telegram-cli.py) that interacts with the filesystem and network.
Audit Metadata