telegram-mini-app

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill includes a runtime that loads and executes remote JavaScript from https://telegram.org/js/telegram-web-app.js, which runs external code in the app context and is a required dependency for the WebApp functionality.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes blockchain wallet/payment APIs and code to execute payments: it documents TON Connect integration and a concrete sendTransaction example (tonConnectUI.sendTransaction with amount and destination), and shows Telegram payment/invoice usage (bot.replyWithInvoice / provider_token). These are specific, purpose-built financial execution functions (crypto transactions and platform invoices), not generic browser or HTTP tooling.