The Agent Skills Directory

[Indirect Prompt Injection] (HIGH): The skill possesses a significant attack surface for indirect prompt injection by reading untrusted external data.
Ingestion points: Commands such as tg inbox, tg read, and tg search fetch message content from Telegram into the agent's context.
Boundary markers: There are no specified delimiters or instructions for the agent to ignore commands embedded within the Telegram messages it reads.
Capability inventory: The skill allows for side effects including tg send, tg reply, and tg contact, which could be exploited by an attacker sending a malicious message to the user.
Sanitization: No evidence of sanitization or filtering of incoming message content.
[External Downloads] (MEDIUM): The skill instructs the user to install a global package from an unverified NPM scope (@cyberdrk/tg) and references a specific local development path (~/Code/cyberdrk305/telegram), which is unusual for a general-purpose skill and poses a risk of supply chain attack.
[Data Exposure] (MEDIUM): The skill facilitates the extraction of private communications, contact lists, and group memberships into the AI's operational environment, increasing the risk of accidental or malicious data exfiltration.

tg