forward-message
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill interacts with sensitive Telegram session files located at `~/.local/share/telethon/<profile>.session`. These files contain authentication tokens that provide full access to a user's Telegram account. While required for the skill's functionality, this represents exposure of high-value credentials.
- [PROMPT_INJECTION]: The skill includes 'Self-Evolving Skill' and 'Post-Execution Reflection' instructions that direct the AI to autonomously rewrite the `SKILL.md` file to 'fix' instructions or 'improvise' workarounds. This creates a feedback loop vulnerable to indirect prompt injection, as the agent may modify its own system-level instructions based on untrusted data or execution outcomes.
  - Ingestion points: Results from reading or forwarding messages and script execution logs.
  - Boundary markers: None present to distinguish instructions from data.
  - Capability inventory: Ability to modify local instruction files and execute shell commands.
  - Sanitization: No sanitization or validation of the content used to update the skill instructions.
- [COMMAND_EXECUTION]: The skill executes the vendor's `tg-cli.py` script using `uv run` within a Bash environment. The script path is dynamically constructed using the `CLAUDE_PLUGIN_ROOT` environment variable.
Audit Metadata