mtgo-mtproto-go

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted, user-generated Telegram content and external URLs as part of its runtime workflow (see SKILL.md "Handlers" examples that read ctx.Message.Text / ctx.CallbackQuery.Data and act on them, and the "Media" / InputFile.URL / DownloadMedia sections that fetch arbitrary URLs), and those inputs are used to drive actions (replies, edits, bans, RPC calls), so third‑party content could indirectly inject instructions.