telegram
Warn
Audited by Snyk on Apr 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill directly fetches and formats Telegram messages (user-generated content) via scripts/telegram_fetch.py (functions like fetch_recent, search_messages, fetch_thread_messages) and SKILL.md states the output is "formatted markdown suitable for Claude to read and summarize," so untrusted third‑party content is ingested and can influence subsequent actions (e.g., replies, sends, publishes).
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata