israeli-telegram-business-bot
Warn
Audited by Snyk on May 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to consult a public third‑party holiday calendar (the recommended "hebcal" MCP server and "check a holiday calendar" in Phase 4 / Recommended MCP Servers) to drive holiday auto-reply mode and booking availability, meaning the agent will fetch and interpret external public data that can change its decision logic.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes payment integration and invoice/payment flows. Phase 7 describes generating and sending payment links (naming Israeli payment gateways like Green Invoice, Rivhit, PayMe, iCount, Meshulam) and, importantly, documents using Telegram's native Payment API / sending native invoice messages via the bot (linking a payment provider through BotFather). These are specific payment gateway and payment-send capabilities (i.e., mechanisms to initiate/collect real payments), not generic browser or API-call guidance. Therefore it grants Direct Financial Execution authority.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata