add-telegram

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly asks the agent to collect the user's Telegram bot token and instructs adding it into .env (TELEGRAM_BOT_TOKEN=), which requires the LLM to receive and may output or copy the secret verbatim rather than keeping it solely in an environment-managed/opaque form.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill registers a Telegram bot and reads/responds to chat messages from Telegram groups/users (see Phase 3 "Create Telegram Bot" and Phase 4 "Get Chat ID"/"Register the chat" in SKILL.md), which are untrusted, user-generated third-party content that the agent will interpret and act on.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs git fetch/merge from https://github.com/qwibitai/nanoclaw-telegram.git during its runtime to pull in src/channels/telegram.ts which is built and executed as part of the agent, so remote code from that URL would directly change/execute agent behavior.