telegram-mini-apps-react

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill reads and decodes untrusted deep-link/start parameters provided via Telegram launch params (initData.startParam / tgWebAppStartParam) — see useDeeplink and references/deeplink.md — and interprets them to navigate or trigger actions, which is arbitrary user-controlled content.