telegram-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's examples and required workflow explicitly ingest and act on untrusted user-generated content from Telegram (e.g., the getUpdates long-poll loop and webhook examples that read update["message"]["text"], callback_query["data"], and inline_query["query"] in SKILL.md), so third-party messages could indirectly inject instructions that influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly documents Telegram payment APIs and examples that initiate and handle payments: methods like sendInvoice, answerPreCheckoutQuery, and the Web App method tg.openInvoice(...) (Telegram Stars payment). These are concrete payment initiation and processing endpoints (not generic browser or HTTP examples), so the skill provides direct financial execution capability.