telegram-export
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'telethon', 'pillow', and 'cryptg' libraries from the official Python Package Index (PyPI) to facilitate interaction with the Telegram API and enhance media processing performance.
- [COMMAND_EXECUTION]: Provides standard command-line instructions for installing dependencies using 'pip'.
- [DATA_EXFILTRATION]: The skill's primary function is to extract sensitive communication data, including messages and media, from Telegram and save it to local storage files (JSON and binary files).
- [PROMPT_INJECTION]: This category identifies an indirect prompt injection surface. Ingestion points: Reads text and media metadata from external Telegram chats and channels in 'SKILL.md' (e.g., 'export_messages.py', 'download_media.py', and 'extract_links.py'). Boundary markers: External content is processed without explicit delimiters or instructions to ignore embedded commands. Capability inventory: Includes the ability to write files to the local system and communicate over the network via the Telegram MTProto protocol. Sanitization: Does not include logic to sanitize or validate strings retrieved from Telegram before they are processed or stored.
Audit Metadata