telegram-channel-reading
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill does not contain any hardcoded credentials, secrets, or unauthorized network requests. All referenced URLs are standard Telegram links (t.me).- [SAFE]: There are no remote code execution patterns, obfuscated scripts, or privilege escalation commands. The skill consists purely of natural language instructions for the AI agent.- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted third-party content from public Telegram channels. This creates a surface for indirect prompt injection, where an attacker could place instructions in a Telegram post to influence the agent's behavior during analysis. However, no specific malicious instructions were found in the skill's own text, and the instructions to 'summarize' and 'not cite posts in full' provide a basic layer of mitigation against direct obedience to injected text.
Audit Metadata