tg-hub
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted message content from external Telegram sources.
- Ingestion points:
scripts/client.pyfetches message data from Telegram chats and channels using thetelethonlibrary. - Boundary markers: No delimiters or specific instruction-isolation markers are implemented to separate untrusted message content from the system context.
- Capability inventory: The skill can read from and write to the Telegram account and access a local SQLite database, but it does not include direct shell execution or arbitrary file system write tools.
- Sanitization: There is no evidence of message content sanitization or filtering to prevent embedded instructions from influencing the agent's behavior.
- [CREDENTIALS_UNSAFE]: Hardcoded public API credentials are present in
scripts/config.py. TheTG_API_ID(2040) and its associatedapi_hashare included as a fallback. These are the publicly known credentials for the official Telegram Desktop application. The code includes a warning and instructions for users to provide their own private credentials via environment variables to minimize account risks.
Audit Metadata