israeli-telegram-business-bot

Warn

Audited by Snyk on May 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to consult a public third‑party holiday calendar (the recommended "hebcal" MCP server and "check a holiday calendar" in Phase 4 / Recommended MCP Servers) to drive holiday auto-reply mode and booking availability, meaning the agent will fetch and interpret external public data that can change its decision logic.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes payment integration and invoice/payment flows. Phase 7 describes generating and sending payment links (naming Israeli payment gateways like Green Invoice, Rivhit, PayMe, iCount, Meshulam) and, importantly, documents using Telegram's native Payment API / sending native invoice messages via the bot (linking a payment provider through BotFather). These are specific payment gateway and payment-send capabilities (i.e., mechanisms to initiate/collect real payments), not generic browser or API-call guidance. Therefore it grants Direct Financial Execution authority.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 15, 2026, 09:15 PM
Issues
2
Security Audit — snyk — israeli-telegram-business-bot