telegram-cli
Fail
Audited by Snyk on Jun 20, 2026
Risk Level: HIGH
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). In the
askworkflow, the script registers a Telethonevents.NewMessagehandler and printsevent.text(and media tags) from messages sent by the chat participant (outsider) into the runtime console/LLM-visible context, i.e., Telegram-authored free text is ingested viacmd_ask()→handler()→text = event.text or "".
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I found a hardcoded high-entropy credential: the default TELEGRAM_API_HASH is set to "59d1e009d7ecb0c0a7224af3f461bb2e" in the script (API_HASH = os.environ.get("TELEGRAM_API_HASH", "59d1e009d7ecb0c0a7224af3f461bb2e")). This is a random-looking hex string and matches the format/entropy of a real Telethon/Telegram API hash, so it should be treated as a secret.
I am ignoring the following:
- TELEGRAM_API_ID = 1993898 — low-entropy numeric id (not a secret).
- Example pairing code "7PTE7AUN" shown in docs — ephemeral/example value used in instructions, not a long-lived credential.
- Environment variable names and other placeholders shown in the docs.
No private keys or other high-entropy secrets were found.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W008
HIGHSecret detected in skill content (API keys, tokens, passwords).
Audit Metadata