telegram-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uses TELEGRAM_GET_UPDATES and TELEGRAM_GET_CHAT_HISTORY (and GET_CHAT) to fetch user-generated messages and chat history from Telegram, which are untrusted third-party contents the agent will read and process.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill requires configuring and querying the runtime MCP server at https://rube.app/mcp (verified via RUBE_SEARCH_TOOLS), which supplies tool schemas that directly determine the agent's available instructions/behavior, so the external endpoint can control prompts at runtime.