telegram
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill directs the agent to install the
tdldependency using the commandcurl -sSL https://docs.iyear.me/tdl/install.sh | sudo bash. This pattern executes a script directly from a remote server without verification, which is a high-risk behavior. - [COMMAND_EXECUTION]: The installation process uses
sudo, granting administrative privileges to a third-party script. This represents a privilege escalation risk where the script could modify system-level files or install persistent backdoors. - [EXTERNAL_DOWNLOADS]: The skill fetches software and configurations from
docs.iyear.meandgithub.com/iyear/tdl. Sinceiyearis not an identified trusted organization or well-known cloud service, these external dependencies are considered unverifiable. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests and processes untrusted data from external Telegram channels.
- Ingestion points: Telegram message content exported to
/tmp/tdl-export.jsonand read viacatinSKILL.md(Step 4). - Boundary markers: Absent; there are no instructions to the agent to treat the imported Telegram content as untrusted data or to ignore instructions embedded within the messages.
- Capability inventory: The skill has the ability to execute shell commands (
tdl), read files, and initiate network requests (via thetdltool). - Sanitization: There is no evidence of sanitization or filtering of the Telegram content before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata