telegram
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by fetching untrusted content from Telegram chats and displaying it to the agent.\n
- Ingestion points: The
recent,search,unread, andthreadcommands inscripts/telegram_fetch.pyfetch message data from Telegram chats.\n - Boundary markers: Messages are formatted using markdown blockquotes in the
format_outputfunction, providing some structural separation but not preventing adversarial injection.\n - Capability inventory: The agent can send messages, send files, download media, and publish drafts (which involves moving and modifying files in the vault).\n
- Sanitization: Raw message content is presented without escaping or filtering.\n- [DATA_EXFILTRATION]: The skill accesses sensitive configuration files and user data required for its primary functions.\n
- Sensitive paths: Accesses
~/.telegram_dl/config.jsonand~/.telegram_dl/user.sessionwhich contain Telegram API credentials and session tokens.\n - Vault access: Accesses and modifies files within the
~/Brains/braindirectory (Obsidian vault) during the draft publishing process.\n- [COMMAND_EXECUTION]: The skill executes local Python scripts to interact with the Telegram API and manage local files.\n - Scripts:
scripts/telegram_fetch.pyandscripts/bot_send.pyperform network requests to Telegram servers and modify the local file system (downloads, vault updates).
Audit Metadata