telegram-dev

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill includes bot code that ingests and processes arbitrary user-generated Telegram content (e.g., the get_updates loop that reads update["message"]["text"], the Flask webhook handler that reads update["message"]["text"], and the inline query handler that reads inline_query["query"]), so the agent would read untrusted third-party content from Telegram users/public chats.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The HTML Mini App includes a runtime script tag that loads and executes remote JavaScript (https://telegram.org/js/telegram-web-app.js), which the skill depends on to provide the tg.* APIs at runtime, so this is an external runtime dependency that executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly documents Telegram payment APIs and examples that initiate and handle payments: methods like sendInvoice, answerPreCheckoutQuery, and the Web App method tg.openInvoice(...) (Telegram Stars payment). These are concrete payment initiation and processing endpoints (not generic browser or HTTP examples), so the skill provides direct financial execution capability.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 15, 2026, 08:21 PM