skills/dzianisv/skills/telegram-cli/Gen Agent Trust Hub

telegram-cli

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script telegram-cli.py contains a hardcoded Telegram API_ID (1993898) and API_HASH (59d1e009d7ecb0c0a7224af3f461bb2e) as default values. While these are common generic values used in public Telegram clients, they are sensitive application credentials.
  • [DATA_EXFILTRATION]: The skill accesses and manipulates the Telegram session database file (session.dat.session) located in ~/.config/telethon/. This file contains highly sensitive authentication keys that grant full access to the user's Telegram account.
  • Evidence: The function _ensure_session_schema in telegram-cli.py performs raw SQL operations (ALTER TABLE, DROP TABLE, CREATE TABLE) on the session database to manage schema migrations.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads raw message content from external Telegram users and bots into the agent's context.
  • Ingestion points: cmd_read and cmd_ask in telegram-cli.py fetch message history and new replies from Telegram chats.
  • Boundary markers: The script does not wrap the retrieved message content in delimiters or provide warnings to the agent to ignore embedded instructions.
  • Capability inventory: The skill allows the agent to send messages, send arbitrary files from the local filesystem, and download voice messages to a local directory.
  • Sanitization: There is no filtering or sanitization of the retrieved message content before it is displayed to the agent.
  • [COMMAND_EXECUTION]: The skill's primary functionality relies on executing a bundled Python script (telegram-cli.py) that interacts with the filesystem and network.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 06:59 PM
Security Audit — agent-trust-hub — telegram-cli