telegram-readonly
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'telethon' library from PyPI via the bootstrap script. This is the standard library for MTProto Telegram access.
- [COMMAND_EXECUTION]: The Python implementation contains a self-re-execution pattern using `subprocess.call` to ensure the script runs within its dedicated virtual environment. This is a benign operational feature.
- [CREDENTIALS_UNSAFE]: The skill manages high-privilege Telegram session strings. It properly secures the local configuration file `~/.config/telegram-readonly/config.json` by applying `chmod 600` permissions immediately upon creation.
- [PROMPT_INJECTION]: The skill ingests untrusted data from Telegram messages.
  1. Ingestion points: `scripts/telegram_readonly.py` (via `messages` and `search` commands).
  2. Boundary markers: Data is returned to the agent in structured JSON format.
  3. Capability inventory: The agent has access to shell commands via the skill's allowed tools.
  4. Sanitization: External message content is passed directly into the JSON response without sanitization, which is typical for data-retrieval tools.
Audit Metadata