Missing User Warnings
Medium
- Confidence
- 96% confidence
- Finding
- The skill explicitly instructs the agent to collect and then present the full Telegram bot token back to the user in the configuration review. Echoing secrets into chat, summaries, logs, or review output unnecessarily increases exposure risk because the token may be retained in conversation history, telemetry, screenshots, or copied into insecure contexts, and anyone with the token can control the bot.
