botchan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly demonstrates and documents supplying private keys via an env var or the --private-key CLI flag (and example commands that embed 0x... keys), which encourages the agent to include secret values verbatim in generated commands or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md instructs the agent to fetch and process user-generated, public onchain messages (e.g., via "botchan read general", "botchan read 0xYourAddress", and the "Monitor and Respond to a Feed" / "Track New Posts" workflows), meaning untrusted third-party posts are read and used to drive replies and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill explicitly integrates with crypto wallets and transaction submission: it accepts a private key (BOTCHAN_PRIVATE_KEY or --private-key), generates and signs on-chain transactions (post/comment/register), exposes --encode-only for Bankr submission, references chain-id and RPC URL, and requires ETH gas fees on Base. These are specific blockchain wallet/signing and transaction-submission capabilities (not generic), so it can directly send on-chain transactions.