access

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill reads and prints pairing codes, sender IDs, and chat IDs from local state and confirms them verbatim (e.g., listing pending codes and approved senderId), so the LLM must handle and output potentially sensitive pairing tokens even though it doesn't ask for API keys/passwords.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill reads and acts on pending entries in ~/.claude/channels/telegram/access.json (populated by the channel server from Telegram messages — untrusted, user-generated third-party content) and uses those entries (senderId/chatId) to approve and modify access, so that external content can influence agent decisions.