afk-claude-telegram-bridge

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The installer and setup flow explicitly prompt for and store a Telegram bot token (bot token/chat_id in config.json), which requires accepting and embedding the secret verbatim into configuration/commands, creating an exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The URLs point to a GitHub repository and its raw install.sh which the skill recommends piping directly to bash and which downloads pre-built binaries from the repo — a common and risky distribution pattern from an unverified/unknown author that can execute arbitrary code on your machine.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The bridge daemon explicitly polls and processes messages and callback queries from a Telegram group/topic (see ARCHITECTURE.md "Daemon Telegram Poll Loop" and SKILL.md "From Telegram"), and those user-generated Telegram messages are read and routed into the agent's workflow (approvals, queued instructions, stop commands), so untrusted third‑party content can directly influence tool use and next actions.