telegram-bot-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's example code explicitly ingests and acts on arbitrary Telegram user messages (e.g., bot.on('text', (ctx) => { ctx.reply(You said: ${ctx.message.text}); })), which are untrusted user-generated content and could carry indirect prompt-injection instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes an explicit "Telegram Payments" example that calls bot.replyWithInvoice using a provider_token and handles the successful_payment event to activate premium access. This is a concrete payment integration (a payment gateway flow) rather than a generic interface, so it grants direct financial execution capability.