telegram-bot-grammy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that embed bot tokens directly in curl URLs (e.g., https://api.telegram.org/bot<DEV_TOKEN>/...) and placeholders for secrets that an agent might be expected to substitute verbatim, which creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill ingests arbitrary, user-generated Telegram messages via the webhook (see assets/src/index.ts and src/index.ts where webhookCallback and bot.on("message") / command handlers read ctx.message and ctx.from), so it clearly consumes untrusted third-party content that could carry indirect prompt-injection vectors.