telegraph-publisher

Overall BENIGN with MEDIUM security risk. The core Telegraph and GitHub workflows are coherent with the stated publishing purpose and use direct first-party APIs, but risk is raised by the legacy unofficial upload endpoint, optional TLS disabling, public third-party diagram rendering, and optional transitive skill use.