pachca-messages
Facilitates sending messages, replies, and file uploads in chat applications, enhancing communication and engagement.
Install this skill
or
79/100
Security score
The pachca-messages skill was audited on Mar 7, 2026 and we found 5 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 77
Webhook reference - potential data exfiltration
SourceSKILL.md
| 77 | > Or take user_id from context (webhook, previous request) |
medium line 113
Webhook reference - potential data exfiltration
SourceSKILL.md
| 113 | > `buttons` — array of arrays (rows × buttons). Max 100 buttons, up to 8 per row. Button with `url` opens link, with `data` — sends event to webhook. |
medium line 137
Webhook reference - potential data exfiltration
SourceSKILL.md
| 137 | > Webhook for new message does NOT contain attachments — `files` field is absent. Always check attachments via GET /messages/{id}. |
medium line 167
Webhook reference - potential data exfiltration
SourceSKILL.md
| 167 | 3. Now the bot will receive webhook events about new messages in this thread |
low line 110
External URL reference
SourceSKILL.md
| 110 | pachca messages create --entity-id=<chat_id> --content="Выбери действие" --buttons='[[{"text":"Подробнее","url":"https://example.com"},{"text":"Отлично!","data":"awesome"}]]' |
Scanned on Mar 7, 2026
View Security DashboardInstall this skill with one command
/learn @pachca/pachca-messages