sergei-mikhailov-tg-channel-reader
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill fetches content (posts and comments) from external Telegram channels which are attacker-controllable sources.
- Ingestion points: Raw message and comment text are retrieved in reader.py and reader_telethon.py.
- Boundary markers: The data is returned to the agent in a structured JSON format, providing clear separation between data and control.
- Capability inventory: The agent is intended to summarize and analyze this text, which could lead to following embedded instructions if not handled by agent-level guardrails.
- Sanitization: Content is passed as raw strings within the JSON output without specific character escaping.
- [EXTERNAL_DOWNLOADS]: The skill depends on established and well-known Python libraries (pyrogram, telethon, and tgcrypto) for its core functionality. These are standard tools in the Telegram development ecosystem and are fetched from official package registries.