telegram-bot-builder

Status: Fail

Audited by Snyk on May 15, 2026

Risk Level: HIGH
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs integrating arbitrary Mini App web pages (e.g., the "Mini Apps (WebApp)" section that sets a web_app URL like https://your-app.com/mini-app) and shows runtime handlers (bot.on("message:web_app_data") that JSON.parse()s incoming web_app_data) which requires the agent to ingest and act on untrusted, third-party/user-provided web content—allowing that content to materially influence bot actions.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the entire skill prompt for literal, high-entropy values that could be usable credentials. The snippet under "Bot Creation with BotFather" includes a concrete, token-shaped string:

"123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11"

This matches Telegram bot token format (numeric ID + colon + high-entropy secret) and is a high-entropy literal value present in the documentation. Although this exact string is commonly used as an illustrative example in Telegram docs and may not be an active token, it is a literal credential-format value in the text and therefore meets the criteria for flagging as a potential hardcoded secret.


MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly documents Telegram's Payments API and related methods for creating and handling real payments: examples include replyWithInvoice/reply_invoice, handling pre_checkout_query and successful_payment, Stars (XTR) purchases and Stars subscriptions, the Gifts API (sendGift, convertGiftToStars), paid_media, and mention of configuring third-party providers like Stripe via provider_token and refundStarPayment. These are concrete, payment-specific operations (creating invoices, sending gifts charged in Stars, handling refunds, and integrating provider tokens), not generic tooling. Therefore it grants direct financial execution capability.


Audit Metadata

Risk Level: HIGH
Analyzed: May 15, 2026, 09:15 PM
Issues: 3