tgcli
Warn
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the tgcli tool from an unverified third-party GitHub repository (github.com/kaosb/tgcli@latest), posing a potential supply chain risk.
- [DATA_EXFILTRATION]: The skill manages sensitive Telegram session and configuration files in ~/.tgcli/. While safety guidelines are provided to the agent, the file-sending capability of the tool could be exploited to exfiltrate these credentials if the agent is compromised.
- [COMMAND_EXECUTION]: The skill executes multiple shell-based CLI commands to authenticate, synchronize, and interact with the user's personal Telegram account and filesystem.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from external messages (via chat history and search). An attacker could send a message that triggers the agent to exfiltrate session data or perform unauthorized account actions.
  - Ingestion points: Message reading and searching via 'tgcli msg ls' and 'tgcli msg search' commands.
  - Boundary markers: Absent. No delimiters are specified to distinguish between user instructions and retrieved chat content.
  - Capability inventory: File system access, network communication via 'tgcli send', and command execution.
  - Sanitization: Absent.