telegram-reader

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.75). Mixed signals: the Telegram links and desktop.telegram.org are normal and low-risk, but the GitHub repo is from an unverified/unknown account and — critically — the install pattern uses a remote install.sh piped to sudo bash from docs.iyear.me, which is a high‑risk distribution vector that could deliver malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to export and read messages from Telegram channels/groups (see SKILL.md Step 4 and "Working with exported JSON"), which are untrusted, user-generated third-party content that the agent must interpret and use to drive summaries and financial recommendations, creating a clear vector for indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to run shell checks and offers installation commands that include a "curl ... | sudo bash" option (and other package installs), which would cause the agent to execute privileged installers and thus modify the machine state despite claiming read-only.