gramio-pick-username
Warn
Audited by Snyk on Apr 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's required workflow (SKILL.md "Availability check (t.me button inspection)" and the bundled check-usernames.mjs) explicitly fetches and parses public https://t.me/ pages, which are user-generated, open-web content. The agent reads each page's button text, og:title and avatar fields to decide "free" vs "taken", so untrusted third-party content is ingested and can materially influence its decisions.
Issues (1)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).