telegram-doctor
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- Data Exposure (HIGH): The skill explicitly accesses
.envfiles and reads high-value secrets includingTELEGRAM_API_ID,TELEGRAM_API_HASH, andTELEGRAM_SESSION. According to security standards, accessing sensitive file paths such as environment configuration files is a high-risk activity that can lead to credential theft. - Credentials Access (HIGH): The tool is designed to retrieve and validate the format/length of authentication tokens. This behavior provides a direct mechanism for an AI agent to access account-level secrets, which could be exfiltrated if the agent is compromised or subjected to a prompt injection attack.
- Indirect Prompt Injection (LOW):
- Ingestion points: The tool reads from local configuration files:
.envandconfig/agents.yaml(File: SKILL.md). - Boundary markers: No delimiters or safety instructions are specified for handling the content of these files.
- Capability inventory: The underlying script (
telegram_doctor.py) has the capability to initiate network connections to the Telegram API (File: SKILL.md). - Sanitization: No evidence of sanitization or validation of the input data is provided in the skill documentation.
Recommendations
- AI detected serious security threats
Audit Metadata