telegram-reader

Fail

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs users to install the tdl dependency using a highly insecure method: piping a remote script from an unverified source directly into a root shell (`curl -sSL https://docs.iyear.me/tdl/install.sh | sudo bash`).
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (the !`command` syntax) within SKILL.md to automatically execute shell commands like `command -v tdl` and `tdl chat ls` when the skill is loaded, allowing silent command execution without prior user interaction.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes and summarizes untrusted data from external Telegram channels.
    • Ingestion points: Telegram message data is exported to /tmp/tdl-export.json and then read by the agent.
    • Boundary markers: No delimiters or isolation instructions are used when directing the agent to read and process the exported messages.
    • Capability inventory: The agent has the capability to execute shell commands via the tdl tool and perform file system operations.
    • Sanitization: No sanitization, validation, or filtering of the retrieved Telegram content is mentioned.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Apr 3, 2026, 04:19 AM