analyzing-options-flow

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly tells the agent to read API credentials from a local env file and to run Bash queries against APIs, which means the agent will access secrets and is likely to include them in commands/requests (creating exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and aggregate live data from public third-party APIs and services (e.g., CoinGecko, CoinMarketCap, Etherscan, Dune Analytics, The Graph) as shown in SKILL.md and references/implementation.md, meaning untrusted external content is read and used to drive analysis and decisions.