telegram-bot-builder

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly ingests and acts on arbitrary Telegram user content — e.g., message handlers, conversation flows (conversation.wait), bot.on('message:photo') with ctx.getFile() and callbackQuery handlers in SKILL.md — so untrusted, user-generated third-party content is read and used to drive bot behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly advertises and supports "payments" / "telegram payments" as part of the Bot API surface (mentioned in the overview, trigger words, and feature list). Telegram's Bot API includes invoice/payment functionality (i.e., an explicit mechanism to accept/process payments), so this skill exposes direct financial execution capability rather than a purely generic tool. Therefore it meets the criterion for direct financial execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 11:58 PM