send-message

Fail

Audited by Snyk on May 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt embeds a literal API_HASH (and API_ID) in multiple code and shell examples, requiring the agent to output or reproduce those secret values verbatim in commands/code — a direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to read and act on user-generated messages from the Bruntwork supergroup (e.g., using client.get_messages(supergroup_id, ids=N) and client.iter_messages on chat ID -1003958083153), which are untrusted third-party contents the agent is expected to interpret and that can directly influence sends/edits.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the entire skill for literal, high-entropy secrets. The file contains a repeated literal API_HASH string:

"4b812166a74fbd4eaadf5c4c1c855926"

used in multiple Telethon examples (API_HASH = "..."). This is a high-entropy, real-looking credential (Telethon/Telegram API hash) and should be treated as a secret. The numeric API_ID (18256514), chat IDs, session file paths, and other strings are not high-entropy secrets (API_IDs and chat IDs are non-secret identifiers). No PEM blocks or other API keys were present. No placeholders or obvious documentation examples triggered the ignore rules.

Therefore I flag presence of a real secret: the API_HASH literal.

Issues (3)

W007 (HIGH): Insecure credential handling detected in skill instructions.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata

Risk Level: HIGH
Analyzed: May 15, 2026, 01:52 PM
Issues: 3