telegram-readonly
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the telethon library from the official Python Package Index (PyPI) during the bootstrap process. It also refers to the author's official GitHub repository (https://github.com/ropl-btc/telegram-readonly-cli) for installation and source code access.
- [COMMAND_EXECUTION]: A local bootstrap script (scripts/bootstrap_venv.sh) is used to set up a Python virtual environment. The core script (scripts/telegram_readonly.py) utilizes subprocess.call to ensure it runs within this isolated environment.
- [DATA_EXFILTRATION]: The skill accesses personal Telegram data, which is its primary purpose. It handles sensitive MTProto session strings by storing them in a dedicated local directory (~/.config/telegram-readonly/) with restricted file system permissions (chmod 600) to ensure data confidentiality.
- [PROMPT_INJECTION]: The skill processes untrusted external data from Telegram messages, creating an indirect injection surface.
  - Ingestion points: Chat messages and dialog summaries retrieved via scripts/telegram_readonly.py.
  - Boundary markers: None implemented in code; reliance on instructional constraints.
  - Capability inventory: Environment bootstrapping and configuration management; no write-access tools implemented.
  - Sanitization: Retrieved content is displayed without filtering or escaping.
Audit Metadata