send-message

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes a literal API_HASH (and API_ID) embedded in code examples and instructs using them in commands/scripts, requiring the LLM to reproduce secret credential values verbatim (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's "Editing a previously sent message" example in SKILL.md shows the agent fetching and iterating recent Telegram messages (user-generated content) via Telethon (async for msg in client.iter_messages(...)), which means untrusted third-party content is read and can influence which message IDs are chosen/edited, enabling indirect prompt injection risk.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The file contains a literal, high-entropy API_HASH: "4b812166a74fbd4eaadf5c4c1c855926" (appears multiple times) paired with API_ID 18256514. This is not a placeholder (not "YOUR_API_KEY" or truncated) and is a usable Telethon/Telegram credential. Chat IDs, session paths, and numeric IDs are not secrets and were ignored.