telegram
Fail
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the tdl binary from an external repository to facilitate Telegram access.
- [REMOTE_CODE_EXECUTION]: The skill suggests an installation pattern where a remote script is piped directly to the shell:
curl -sSL https://docs.iyear.me/tdl/install.sh | sudo bash. This represents a high-risk execution of unverified remote code with root privileges. - [COMMAND_EXECUTION]: The setup instructions utilize
sudofor privilege escalation during the installation of the tdl tool, which could allow unauthorized system modifications. - [PROMPT_INJECTION]: The skill has a vulnerability to indirect prompt injection because it reads and processes external Telegram message content.
- Ingestion points: Untrusted message data is exported to
/tmp/tdl-export.jsonand read using thecatcommand as specified in SKILL.md. - Boundary markers: No protective delimiters or instructions to disregard embedded commands are used when the agent processes the fetched content.
- Capability inventory: The skill enables the agent to execute shell commands and perform file system operations.
- Sanitization: There is no evidence of sanitization or filtering of the Telegram message data before it is presented to the agent.
Recommendations
- AI detected serious security threats
Audit Metadata