skills/technickai/openclaw-config/tgcli/Snyk

tgcli

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the tool explicitly fetches and reads user-generated Telegram content from the Telegram API (e.g., via "tgcli sync", "tgcli msg ls", "tgcli msg search" which cache messages in ~/.tgcli/tgcli.db), so untrusted third‑party messages can be ingested and influence agent decisions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 31, 2026, 11:00 PM

Issues

1