If Cryptobot can't decrypt an incoming message, it doesn't actually know whether the user did other things right or wrong. So I think it shouldn't make any other claims about what the user is doing, and should perhaps confess its ignorance.
Right now, sending a message that Cryptobot can't read results in it saying that the user isn't using PGP at all (issue #36), that the message isn't signed (even though Cryptobot doesn't know whether it was signed), and that the user didn't attach their public key (even though Cryptobot doesn't know whether the user attached their public key or not).
I'd suggest that in this case Cryptobot should just say that it can't read the message, and not say whether the user did other things correctly or incorrectly. Perhaps it should say that, since the user used the wrong public key, Cryptobot isn't sure whether other aspects of the message are right or wrong, because it couldn't read it.
If Cryptobot can't decrypt an incoming message, it doesn't actually know whether the user did other things right or wrong. So I think it shouldn't make any other claims about what the user is doing, and should perhaps confess its ignorance.
Right now, sending a message that Cryptobot can't read results in it saying that the user isn't using PGP at all (issue #36), that the message isn't signed (even though Cryptobot doesn't know whether it was signed), and that the user didn't attach their public key (even though Cryptobot doesn't know whether the user attached their public key or not).
I'd suggest that in this case Cryptobot should just say that it can't read the message, and not say whether the user did other things correctly or incorrectly. Perhaps it should say that, since the user used the wrong public key, Cryptobot isn't sure whether other aspects of the message are right or wrong, because it couldn't read it.