telegram-reader

Warn

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses the local encrypted database and key files of the Telegram macOS app (Keepcoder) located at ~/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram/stable/. This provides the agent with full read access to the user's private message history, contact names, and peer IDs. Although the script operates locally and is read-only, the access to sensitive personal data constitutes significant exposure.
  • [COMMAND_EXECUTION]: The scripts/tg-reader utility uses the subprocess module to create a Python virtual environment and install external libraries (sqlcipher3, pycryptodomex, mmh3) when the --setup flag is utilized.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection risks because it ingests untrusted text content from Telegram messages into the agent's context.
      • Ingestion points: Message data is read from the db_sqlite file in the account directories.
      • Boundary markers: The output provided to the agent does not use delimiters or instructions to ignore embedded commands in the messages.
      • Capability inventory: The skill allows the agent to search history, list peers, and read recent conversations.
      • Sanitization: The extraction process retrieves printable strings from binary blobs but does not perform sanitization to filter out malicious instructions or escape content.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 11, 2026, 03:03 AM