add-telegram-swarm

Fail

Audited by Snyk on Mar 12, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly tells the assistant to "wait for user to provide the tokens" and shows embedding tokens verbatim in .env and curl commands (TELEGRAM_BOT_POOL, botTOKEN), so the LLM would need to receive and potentially output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly wires the agent to a Telegram channel (SKILL.md: "The main bot receives messages" and the IPC routing for tg: chatJid), so it ingests untrusted, user-generated Telegram group messages which can directly influence agent behavior and tool use.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs code- and config-level changes (editing src/* files, adding env tokens, updating launchd plist / systemd user unit, copying env files and restarting services), which modify persistent machine state and service behavior even though it does not request sudo or create users.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 12, 2026, 02:34 PM
Issues: 3