slot-rpc

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit curl/header examples that instruct embedding an API token (Authorization: Bearer ...) in commands/requests, so an LLM could be asked to insert real tokens verbatim and thus exfiltrate secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill instructs making requests to public Cartridge RPC endpoints (https://api.cartridge.gg/x/starknet/mainnet and /sepolia) and viewing RPC logs, which will return on-chain data and user-submitted request payloads from arbitrary third parties that the agent would read and interpret.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes dedicated Starknet RPC endpoints (blockchain-specific RPC) with authenticated access and examples of JSON-RPC usage. Although the example shows a read call (starknet_chainId), the documented RPC is explicitly for a crypto blockchain and thus can be used to submit transactions, interact with wallets, and perform on-chain operations. This is a specific crypto/blockchain integration (not a generic tool), so it constitutes direct financial execution capability.