telegram-bot-management

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill interacts directly with Telegram: it sends and receives Telegram alerts and handles Telegram messages for the bot. Telegram is an external, user-generated messaging platform, and the agent/operator is expected to read its arbitrary content as part of the normal workflow (e.g., "Telegram alert with full context" and instructions to "Check Telegram alert for error context"). This exposes the agent to untrusted third-party content and potential indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs management and modification of system services (launchd plists, launchctl load/unload, chmod, killing/restarting processes and checking service status), which changes the machine's state and can require elevated privileges—equivalent to modifying system service configuration—so it should be flagged.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Feb 15, 2026, 09:22 PM