orchestration
Fail
Audited by Snyk on Mar 13, 2026
Risk Level: HIGH
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md "AI Agent Commerce: End-to-End Flow" and its Concrete Implementation explicitly show the agent using x402Fetch to HTTP GET arbitrary agent endpoints and calling response.json() (weatherData), meaning it fetches and interprets untrusted third‑party HTTP content (agent endpoints/The Graph) that can alter behavior (payments, retries, ratings).
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned for literal, high-entropy values that could be used to access services. I flagged one hardcoded API-like credential:
- Found: "https://base-mainnet.g.alchemy.com/v2/8GVG8WjDs-LEAKED" — contains an embedded Alchemy v2 key-looking token (8GVG8WjDs-LEAKED). This is a literal, non-placeholder API key pattern and should be treated as a leaked secret even though it appears in an example of "❌ WRONG".
Ignored items and why:
- Contract addresses like 0x8004A169... and 0x8004BAa1... are public on-chain addresses (not secrets).
- Environment variable references (process.env.AGENT_PRIVATE_KEY, process.env.BASE_RPC_URL) are names only, no values provided — per rules, ignore.
- Doc placeholders and examples (e.g., YOUR_KEY, YOUR_CID, rpc URLs with YOUR_KEY, comments about sk-xxxx) are explicitly listed as ignore cases.
- No private key PEM blocks or other high-entropy bearer tokens were present beyond the Alchemy-style key above.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly centered on Ethereum financial operations and includes concrete wallet/transaction APIs and patterns for moving value. It shows code and tooling to create wallets (createWallet with AGENT_PRIVATE_KEY), connect a JsonRpcProvider, sign and send onchain transfers (EIP-3009 transferWithAuthorization, writeContractAsync for swap), use x402Fetch to execute HTTP-native payment flows (402 + payment signature + tx hash), and instructions to fund deployer and deploy to mainnet. These are specific crypto/blockchain transaction utilities (wallets, signing, swaps, onchain payments) — i.e., direct financial execution capabilities.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).