gramio
Warn
Audited by Snyk on May 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The gramio-pick-username skill explicitly instructs the agent to run the bundled check-usernames.mjs which fetches public t.me pages and inspects the page CTA / og:title to determine username availability, i.e. it ingests untrusted, user-generated web content (t.me) and uses those parsed values to drive decision-making and next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly tells the agent to fetch GramIO docs at runtime (e.g. https://gramio.dev/telegram/methods/sendMessage.md) and the bundled username-checker invokes remote t.me pages (e.g. https://t.me/) — both are fetched during runtime, the returned content is used to drive the agent's instructions/decisions (doc content for answers and t.me button text for availability verdicts), and those fetches are required for those features.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly exposes Telegram payment functionality: the docs list "Handling payments with Telegram Stars" and the Telegram Stars reference (payments, invoices, subscriptions, refunds, test mode) and an example file telegram-stars.ts. This is a specific, built-in payments/invoicing/refund feature (not a generic API caller or browser automation), so it provides direct financial-execution capabilities.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata