claude-to-im

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the agent to collect API tokens/secrets, write them into ~/.claude-to-im/config.env (KEY=VALUE) via Write, and embed them into validation commands (e.g., curl "https://api.telegram.org/bot${TOKEN}/getMe"), which requires the LLM to output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly forwards messages from third-party IM platforms (Telegram/Discord/Feishu via the Bot APIs) into Claude/Codex sessions as part of normal operation (see SKILL.md and README.md: "Messages from IM are forwarded to the AI coding agent"), so untrusted user-generated chat content is ingested and can directly influence tool use and agent decisions.