jobsearch-telegram

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user to paste the Telegram bot token into chat/config and then instructs the agent to read that token and embed it verbatim in curl commands/outputs (e.g., https://api.telegram.org/bot{TOKEN}/...), which requires the LLM to handle and emit secret values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill requests broad shell/file/browser permissions, uses Telegram as a headless remote-control channel without explicit inbound-sender authentication, and can programmatically visit arbitrary job URLs and submit personal data — patterns that enable credential theft, data exfiltration, and remote-action/backdoor abuse if an attacker or malicious input is present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly polls Telegram (via getUpdates) for arbitrary user messages and treats those messages and any included job board URLs (e.g., greenhouse.io, lever.co, resolved form_url pages) as inputs to workflows that scan pages and autonomously fill/submit forms, so untrusted third-party content can directly influence actions.