telegram-mini-app

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The sample HTML loads and executes remote JavaScript from https://telegram.org/js/telegram-web-app.js at runtime (providing window.Telegram.WebApp), which the skill examples rely on and thus executes external code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes blockchain payment and transaction features: "TON Connect integration", "In-app payments", "TON blockchain integration", and a listed sub-skill "Send TON Transaction". Those are specific crypto/blockchain capabilities (wallet integration and sending transactions), which constitute direct financial execution authority per the criteria.