telegram-reader
Fail
Audited by Snyk on Apr 3, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.75). Mixed signals: the Telegram links and desktop.telegram.org are normal and low-risk, but the GitHub repo is from an unverified/unknown account and — critically — the install pattern uses a remote install.sh piped to sudo bash from docs.iyear.me, which is a high‑risk distribution vector that could deliver malware.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated Telegram channel/group content via tdl (see SKILL.md Step 4 "Exporting messages" and references/commands.md which accept public links/usernames like https://t.me/channel_name and instruct saving/reading the exported JSON), and then directs the agent to read, summarize, and act on that content—allowing untrusted third-party messages to influence decisions and tool use.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's setup instructs running a remote install script via curl piped to bash (https://docs.iyear.me/tdl/install.sh), which would fetch and execute remote code at runtime and is a required dependency (tdl), so it directly enables remote code execution.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to run shell checks and offers installation commands that include a "curl ... | sudo bash" option (and other package installs), which would cause the agent to execute privileged installers and thus modify the machine state despite claiming read-only.
Issues (4)
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.