net-protocol

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt instructs users to set a private key (NET_PRIVATE_KEY) and shows examples that pass that key as a CLI argument (e.g., --private-key), which is an insecure pattern that can force secrets to be handled/embedded in commands and therefore exposed.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to read public Net Protocol topics and storage (e.g., netp message read and netp storage read for topics like "agent-collab" and feeds), which are untrusted, user-generated onchain messages that the agent would parse and could alter its subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain actions that require a private key and gas (e.g., netp message send, netp storage upload, and netp token deploy). These CLI commands sign and broadcast transactions on Base (with listed gas costs) and therefore can authorize spending ETH and deploy tokens. This is a specific crypto/blockchain execution capability (wallet signing / transaction sending), not a generic tool, so it grants direct financial execution authority.