sergei-mikhailov-tg-channel-reader
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface because it ingests untrusted text from external Telegram channels. While this is an inherent risk for any content reader, the skill mitigates it by returning data in a structured JSON format.
  - Ingestion points: reader.py and reader_telethon.py (fetches message text and captions from the Telegram API).
  - Boundary markers: The skill returns structured JSON objects to the agent.
  - Capability inventory: The skill is limited to reading channel info and message history; it has no capabilities for general file writing or execution of arbitrary code from the network.
  - Sanitization: Fetched text is passed to the agent without specific sanitization.
- [COMMAND_EXECUTION]: The skill provides several CLI entry points for Telegram interaction. The author follows security best practices by instructing users to manually allowlist these commands in the OpenClaw approvals system rather than attempting to bypass security controls.
- [EXTERNAL_DOWNLOADS]: The skill relies on well-known and trusted third-party Python libraries (pyrogram, telethon, tgcrypto) to implement the Telegram MTProto protocol.