tg-responder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The worker explicitly feeds incoming Telegram messages and recent chat context (written to the DB by scripts/hook.py and fetched via worker._fetch_context which calls telegram_fetch.py "recent") into the Claude classifier (prompts/classify.md) so untrusted, user-generated Telegram content is read and used to produce classifications/drafts that affect downstream decisions and outbox entries.