telegram

Result: Fail

Audited by Snyk on May 26, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt embeds and demonstrates bot tokens in URLs, environment variables, CLI args, and webhook paths (including a realistic example token and commands like --token "SEU_TOKEN"), which encourages the agent to accept and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill directly ingests and acts on arbitrary, untrusted Telegram user content (e.g., update.message.text and callback_query handling in assets/boilerplate/python/bot.py, assets/boilerplate/python/webhook_server.py, and assets/boilerplate/nodejs/src/handlers.ts, plus the "Automacao com IA" flow that feeds user_text into an LLM), so third-party messages can materially influence tool calls and bot behavior.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  Risk Level: HIGH
  Analyzed: May 26, 2026, 05:28 AM
  Issues: 2