draft-message
Fail
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill contains a hardcoded Telegram `API_ID` (18256514) and `API_HASH` (4b812166a74fbd4eaadf5c4c1c855926) within the Python scripts provided in the instructions.
- [CREDENTIALS_UNSAFE]: The skill explicitly accesses sensitive Telegram session data located at `~/.local/share/telethon/eon`. These files contain active authentication tokens that could be compromised if accessed by unauthorized processes.
- [EXTERNAL_DOWNLOADS]: The skill uses the `uv` tool to download and install the `telethon` package from the Python Package Index (PyPI) at runtime without specifying a version, which introduces supply chain risks.
- [COMMAND_EXECUTION]: The skill generates and executes Python code dynamically using bash heredocs (`PYEOF` and `DRAFT_EOF`). This pattern is often used to execute logic that bypasses static analysis.
- [DATA_EXFILTRATION]: While the stated purpose is sending to 'Saved Messages', the skill facilitates the transmission of local data and user-provided content to external Telegram servers using authenticated sessions.
- [INDIRECT_PROMPT_INJECTION]: The skill accepts a `message` parameter that is interpolated into a script and transmitted to an external service.
  - Ingestion points: The `message` argument in the `tg-cli.py draft` command and the `BODY` variable in the Direct Telethon section of `SKILL.md`.
  - Boundary markers: Absent. The content is directly embedded into script strings.
  - Capability inventory: The skill uses `uv run` for subprocess execution, `os.path.expanduser` for file system access, and `telethon` for network communication.
  - Sanitization: None detected. The skill allows raw HTML input through the `--html` flag without validation or escaping.
Recommendations
- AI detected serious security threats
Audit Metadata