telegram-readonly
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages highly sensitive Telegram API credentials and MTProto session strings. It stores these in a local configuration file (~/.config/telegram-readonly/config.json) and uses restricted file permissions (chmod 600) to protect the data from other users on the system.\n- [COMMAND_EXECUTION]: The agent interacts with Telegram by executing the telegram-readonly CLI tool. This command-based interface allows the agent to perform account reads through the local shell.\n- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it retrieves and processes message content from external Telegram chats.\n
- Ingestion points: Message text is fetched from the Telegram API in src/telegram_readonly/cli.py via cmd_messages and cmd_search.\n
- Boundary markers: The skill returns structured JSON but lacks explicit boundary markers or instructions to the agent to treat message content as untrusted.\n
- Capability inventory: The agent can execute CLI commands and access local files.\n
- Sanitization: No sanitization or escaping is applied to the retrieved message text before it is presented to the agent.
Audit Metadata