Skills
skills/himself65/finance-skills/telegram-reader/Gen Agent Trust Hub

telegram-reader

Fail

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill recommends installing the tdl dependency using a high-risk execution pattern that pipes a remote script directly to a shell with root privileges. Evidence: curl -sSL https://docs.iyear.me/tdl/install.sh | sudo bash in SKILL.md.\n- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection to execute shell commands at skill load time for environment status checks. Evidence: !(command -v tdl && tdl version 2>&1 | head -3 || echo "TDL_NOT_INSTALLED")and!(tdl chat ls --limit 1 2>&1 >/dev/null && echo "AUTH_OK" || echo "AUTH_NEEDED") in SKILL.md.\n- [EXTERNAL_DOWNLOADS]: The skill references and downloads configuration and scripts from third-party repositories and documentation sites. Evidence: https://docs.iyear.me/tdl/install.sh and https://github.com/iyear/tdl.\n- [CREDENTIALS_UNSAFE]: The command reference documentation includes options for passing sensitive passcodes via command-line flags, which can expose credentials in shell histories or process lists. Evidence: -p PASSCODE flag in references/commands.md.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 11, 2026, 08:01 PM