agent-telegram

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires the agent to ask the user for provisioning codes, TDLib login codes, and 2FA passwords and then embed them directly in CLI invocations (e.g., --provisioning-code, --code, --password), forcing the LLM to handle and output secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the agent will fetch and read Telegram chats and messages (e.g., "agent-telegram message list @durov --limit 10" and "agent-telegram chat get"), which are user-generated, third-party content from Telegram that the agent is expected to interpret and that could materially influence its actions.