Telegram CLI Usage Guide

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). This is a third‑party GitHub repository from an unverified single user and the skill instructs installing the CLI directly from the repo (i.e., pulling and executing unreviewed code), which can be used to distribute malicious software if the maintainer or code is malicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill shows commands like "tele -f json message list <dialog_id>" and "tele -f json dialog list" which fetch and expose Telegram dialogs and messages (user-generated content from the public/third-party Telegram service) for the agent to read and interpret, enabling indirect prompt injection.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 03:39 AM