viem

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that hardcode secrets (e.g., http('https://.../v2/YOUR_KEY') and privateKeyToAccount('0x...')), which encourages embedding API keys/private keys verbatim in generated code and thus requires the LLM to handle/output secret values.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly performs network reads from public RPC endpoints (e.g., http(s) transports like https://eth-mainnet.g.alchemy.com/v2/..., https://mainnet.infura.io/v3/..., https://rpc.ankr.com/eth) and runtime APIs that ingest on-chain, user-generated data (publicClient.getContractEvents, watchContractEvent, getBytecode, trace_call, etc.), so the agent will read and interpret untrusted third-party blockchain content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for blockchain wallet and transaction operations. It shows creating wallet clients from private keys (privateKeyToAccount), signing and sending transactions (walletClient.writeContract, simulateContract, waitForTransactionReceipt), contract write patterns, and wallet operations. These are direct crypto/ blockchain financial execution capabilities (sending transactions/signing with private keys), so it grants Direct Financial Execution Authority.