using-telegram-cli
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the
@will-17173/telegram-clipackage from the npm registry. - [COMMAND_EXECUTION]: The skill's primary function is to execute shell commands using the
tgbinary orpnpm devfor Telegram account management, message synchronization, and chat administration. - [DATA_EXPOSURE & EXFILTRATION]: The instructions involve handling sensitive Telegram authentication data, including API hashes and session files. The skill correctly identifies these as secrets and explicitly forbids printing them to logs or committing them to version control.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from Telegram messages via commands like
tg syncandtg search. - Ingestion points: Telegram message content is retrieved and stored in a local SQLite database using
history,sync, andrefreshcommands (found inSKILL.mdandreferences/command-reference.md). - Boundary markers: The skill includes a mandatory rule requiring explicit user authorization before performing any state-changing operations like
send,edit, ordelete(SKILL.md). - Capability inventory: The tool allows the agent to send/edit/delete messages and perform group mutations (
references/command-reference.md). - Sanitization: Human-in-the-loop authorization is the mandated control for all mutation actions to mitigate risks from untrusted message content.
Audit Metadata