hodlmm-flow
Fail
Audited by Snyk on May 2, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill explicitly recommends supplying a Hiro API key via a command-line flag (`--hiro-api-key <key>`), which encourages embedding secret API keys verbatim in generated commands or outputs and thus creates exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches public on-chain data from the Hiro API (see SKILL.md "Swap data is sourced from Hiro API" and the hodlmm-flow.ts calls to /extended/v1/address/{pool}/transactions and /extended/v1/tx/events), parses untrusted smart_contract_log repr fields, and uses those parsed values to compute metrics and verdicts that drive agent decisions—meaning arbitrary third-party on-chain content can materially influence behavior.
Issues (2)
W007
HIGH Insecure credential handling detected in skill instructions.
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata