configure-notifications

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to paste bot tokens/webhook URLs and then constructs commands, config files, and test requests that embed those secrets verbatim (e.g., curl commands, jq --arg writes, and config summaries), so the LLM would handle and output secrets directly, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses untrusted, user-generated third-party content as part of its runtime workflow (e.g., Telegram getUpdates in "Telegram Setup" Step 4 to extract chat IDs and the Custom Integration / Generic Webhook flows that POST to and read responses from arbitrary webhook URLs), and those extracted values are used to configure notification targets and subsequent actions—so remote content can materially influence where and how the agent sends notifications.