I think the critical part is that it launders an arbitrary URL as trustworthy. The alternative is “Don’t trust anything our bot says at face value, please.”

I think a better criticism is allowing arbitrary text (including URLs) in a transaction description.

SEPA transfer fields need to follow a standard. I think it's fine, we shouldn't put more control and censorship there (try to put Daesh membership fee if you want to get your account locked...)

However a chatbot should absolutely not be able to display arbitrary and clickable links outside a pretty tight whitelist (like, the bank FAQ).