ktgbotapi-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's handlers and FSM (e.g., handlers/MessageHandlers.kt and fsm/StateHandlers.kt, including the waitTextOrCancel helper) explicitly read and interpret arbitrary user-provided Telegram messages and callback data (untrusted third-party content) to drive state transitions, API calls, and next actions, allowing that content to materially influence behavior.