telegram-human-loop

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read the bot_token from a local file and embed it verbatim into API request URLs (e.g., /bot{token}/METHOD), which requires the LLM to handle and insert a secret directly into generated requests/commands, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill polls the public Telegram Bot API (GET /bot{token}/getUpdates) and ingests user-generated messages from Telegram chats (untrusted third-party content) which the agent reads and acts on, enabling indirect prompt injection.