telegram

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes arbitrary Telegram user messages/inline queries/web_app_data via polling/webhook endpoints (see assets/boilerplate/nodejs/src/handlers.ts, assets/boilerplate/python/bot.py and references/webhook-setup.md / webhook_server.py) and even forwards conversation text to an AI client in the "Automacao com IA" boilerplate, so untrusted user-generated content from Telegram can directly influence actions and LLM prompts, enabling indirect prompt injection.