telegram

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes literal Telegram token examples and multiple code/CLI patterns that embed tokens directly (in source, URLs, curl/CLI args and webhook paths), which would require the model to include secret values verbatim if filled in—high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes arbitrary Telegram user messages/inline queries/web_app_data via polling/webhook endpoints (see assets/boilerplate/nodejs/src/handlers.ts, assets/boilerplate/python/bot.py and references/webhook-setup.md / webhook_server.py) and even forwards conversation text to an AI client in the "Automacao com IA" boilerplate, so untrusted user-generated content from Telegram can directly influence actions and LLM prompts, enabling indirect prompt injection.