Tg Message Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a Telegram briefing helper that clearly discloses its use of Telegram, Gmail, OAuth/browser sessions, and optional scheduling, with no evidence of hidden or destructive behavior.

Install only if you are comfortable giving the agent access to the Telegram channels and Gmail account involved. Review recipients before any send, prefer the narrowest available email/Telegram integration, and use scheduling only for briefings you are comfortable having generated and delivered repeatedly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (11)

Description-Behavior Mismatch

Medium

Confidence: 89% confidence
Finding: The skill’s stated purpose is generating Telegram briefings, but the documentation also instructs the agent to send those briefings via Gmail and set up recurring scheduling. That materially expands the action surface from summarization into outbound delivery and automation, increasing the chance of unintended external transmission of compiled channel content without clear scoping or consent boundaries.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The Telegram MCP section advertises broad account capabilities such as reading, searching, sending messages, managing channels, and more, far beyond what is needed to compile briefings. Exposing or encouraging use of an overprivileged integration increases the risk of unnecessary access to private data and unintended account actions if the skill is invoked or misused.

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The skill is scoped as a Telegram briefing assistant, but the documentation expands into composing and sending Gmail messages, which increases privileges and data-exfiltration pathways beyond the stated purpose. This broadening is dangerous because compiled Telegram content may be transmitted externally without a strong scope boundary, explicit user consent step, or least-privilege restriction.

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: The documentation recommends installing AgentMail with broad capabilities such as send, read, reply, search, and organize, even though the described task only needs delivery of a generated briefing. Granting unnecessary mailbox permissions violates least privilege and could expose unrelated email contents or enable unintended mailbox actions if the skill is triggered or extended improperly.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill’s trigger text includes very broad phrases such as "generate report" and "send briefing," which can match many ordinary user requests unrelated to Telegram channel summarization. Over-broad activation can cause the wrong skill to take control of a conversation and invoke messaging or email capabilities in contexts the user did not intend, increasing the chance of unintended data access or delivery.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrases include broad terms like "generate report" and "send briefing," which can overlap with many ordinary user requests outside the intended Telegram-channel context. Overbroad activation criteria raise the risk that the skill is selected in the wrong context, causing unnecessary access to Telegram/Gmail workflows or prompting for actions the user did not intend.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill provides concrete instructions for sending compiled briefings to chats and via Gmail, but does not require a user-facing warning or explicit confirmation that content from Telegram channels will be transmitted externally. In a summarization context, that omission is dangerous because compiled reports may contain sensitive, copyrighted, or access-restricted information that users do not realize will be redistributed.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases are broad and overlap with common requests like 'generate report' or 'send briefing,' which can cause accidental invocation in contexts not intended for Telegram channel summarization. That is risky because this skill includes access patterns for browsing Telegram, scheduling, and sending content externally, so unintended activation could lead to over-collection or transmission of data.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to send compiled channel content via Telegram or Gmail without requiring an explicit warning or confirmation that content will leave the source channels and be delivered to external recipients. In this context, summaries may contain sensitive or private channel information, so omission of a transmission warning materially increases the chance of inadvertent disclosure.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The manifest uses very broad trigger phrases such as "generate report" and "send briefing," which can match many ordinary user requests outside the Telegram-channel summarization use case. This can cause the wrong skill to activate and prompt unnecessary fetching, summarization, or delivery of message content, increasing the risk of unintended data access or disclosure.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The workflow explicitly supports delivering compiled Telegram channel content to Telegram recipients or Gmail addresses, but it does not require an explicit privacy or data-sharing warning before transmission. In this context, aggregated message content may include sensitive, copyrighted, or access-restricted information, so sending it onward without a clear consent/visibility check can lead to accidental disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal