n8n-project-management

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: HIGH
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md n8n workflow explicitly ingests untrusted, user-generated content via a "Telegram Trigger" (messages/photos/locations) and reads Google Sheets rows ("Get Pending Tasks"/"Get Photo Reports") whose contents are used to drive message sending and task actions, so third-party content can directly influence tool behavior.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I found a literal token-like value in Step 1: "123456789:ABCdefGHIjklMNOpqrsTUVwxyz". It matches the Telegram bot token format (<bot_id>:<token>), is high-entropy/random-looking, and if valid would grant control of the bot via the Telegram API — so it qualifies as a real secret.

Ignored items and why:

  • BOT_TOKEN = "YOUR_BOT_TOKEN" — documentation placeholder.
  • 'credentials.json' and 'your-spreadsheet-id' — placeholders / config filenames, not secrets by themselves.
  • Demo sheet URL (docs.google.com/...1fWi_0W_... ) — a resource identifier; not a secret credential (access depends on sheet sharing).
  • Numeric Telegram user IDs (e.g., 123456789) and other simple strings in examples — low-entropy/example values.

Because the explicit bot token-like string is present and appears usable, I flag the document as containing a real secret.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 5, 2026, 04:29 AM