skills/aaaaqwq/claude-code-skills/telegram-inbound-run/Snyk

telegram-inbound-run

Warn

Audited by Snyk on May 20, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly states the agent "Extracts messages from Telegram (last 24 hours)" and classifies those user-generated Telegram replies (via Claude Haiku) and then updates CRM records and sends notifications, so untrusted third-party content from Telegram is read and used to drive actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 20, 2026, 02:22 PM

Issues

1

Security Audit — snyk — telegram-inbound-run