telegram-read
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted data from Telegram messages.
  - Ingestion points: The script `telegram_read.py` reads message content from a local Telegram database.
  - Boundary markers: Messages are delimited using Markdown headers (e.g., `### 10:30 AM - @alice`), but there are no explicit system instructions for the agent to ignore potentially malicious commands embedded within those messages.
  - Capability inventory: The skill displays message content to the agent, which may include instructions that attempt to hijack the conversation or extract information.
  - Sanitization: No sanitization or content filtering is described in the documentation for the message data before it is presented to the model.
- Command Execution (SAFE): The skill executes local Python scripts (`telegram_read.py`) to perform its functions. This is the primary intended behavior and does not involve arbitrary or high-risk command execution outside the scope of the skill's utility.
Audit Metadata