telegram

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly consumes and acts on user-generated Telegram content — e.g., SKILL.md shows methods and CLI commands that read and forward chat messages, use "group history", "getChat", "getUserProfilePhotos", "getFile", and answer callback queries — meaning untrusted third-party messages/files from Telegram can be ingested and influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes Telegram Bot API payment methods (sendInvoice, createInvoiceLink, answerPreCheckoutQuery, answerShippingQuery, refundStarPayment) and subscription invite link creation with prices. These are explicit, purpose-built payment operations (creating invoices/payment links, handling checkout/pre-checkout, issuing refunds) rather than generic messaging or HTTP functionality — i.e., they are designed to initiate and manage financial transactions.