tools

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes insecure patterns (e.g., cast send ... --private-key $KEY) that instruct an agent to place secret values directly into command-line arguments/requests, which would require the LLM to handle and output secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs agents to consume data from public third‑party services — e.g., the Blockscout MCP server (https://mcp.blockscout.com/mcp), abi.ninja, Etherscan/RPC endpoints and other public explorers/APIs — which are open, user-generated/untrusted sources the agent is expected to read and then use to drive actions (reads, contract calls, transactions), enabling indirect prompt injection risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly documents tools and SDKs for sending blockchain payments and signing transactions. It includes "x402 SDKs (HTTP Payments)" with createWallet(privateKey) and an example using a wallet, and Foundry/cast examples such as cast send 0xAddr "transfer(address,uint256)" ... --private-key $KEY --rpc-url $RPC. Those are specific, purpose-built payment/transaction APIs (wallet creation, signing, and sending transactions), not generic tooling. This grants direct financial execution capability.