Draft Router

The skill is mostly coherent with its stated purpose (routing Telegram draft messages and storing them), but it contains hard-coded Telegram bot credentials and sample sender scripts that are unnecessary for the runtime skill and present a clear security/privacy concern.

This skill's routing and file-write behavior match its description, but the bundle includes hard-coded Telegram credentials in example sender scripts — treat those as sensitive. Before installing: 1) Do not deploy to production with embedded tokens; remove or rotate any exposed tokens and replace with environment-configured secrets if needed. 2) Ask the skill author whether the embedded token is theirs and whether it should be in the repo; if it's not yours, assume it is a secret that should be removed. 3) Review and sanitize the drafts-* example scripts (or delete them) to avoid accidental execution that would send drafts to an external bot. 4) If integrating this into a gateway, ensure the gateway's filesystem and Telegram bot tokens are restricted and that the gateway only requires this skill if you trust the code. 5) Consider running the skill in a sandbox or review the code line-by-line (focus on file writes and any network calls) before granting it access to sensitive workspaces.