Telegram CLI Usage Guide
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill instructs the installation of a tool using
uv tool install git+https://github.com/AFutureD/tele-cli. This source is not within the Trusted External Sources whitelist, meaning the tool's code is unverified and could perform malicious actions upon execution. - [Indirect Prompt Injection] (MEDIUM): The skill fetches content from an external, attacker-controllable source (Telegram messages).
- Ingestion points:
tele -f json message list <dialog_id>(SKILL.md). - Boundary markers: Absent. There are no instructions to the agent to treat fetched message content as data rather than instructions.
- Capability inventory: Reading messages, listing dialogs, and session management (
tele auth switch). - Sanitization: Absent. Raw message text is processed by the agent, which could lead to the agent following malicious instructions embedded in a Telegram chat.
- [Data Exposure & Exfiltration] (LOW): The skill interacts with sensitive session files located in
~/.config/tele/sessions/. While no explicit exfiltration to a third party is defined, the tool manages authentication tokens which are high-value targets.
Recommendations
- AI detected serious security threats
Audit Metadata