emblem-ai-agent-wallet
Fail
Audited by Snyk on Mar 5, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes examples and flows that ask for and embed the EmblemVault password (e.g., passing -p "your-password" on the CLI, exporting EMBLEM_PASSWORD, exporting backups containing the password), which would require the LLM to accept and output secret values verbatim—an immediate exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly lists and uses public third-party market and social data sources (e.g., "Market Data: CoinGlass, DeFiLlama, Birdeye, LunarCrush", "OpenSea integration", "Pump.fun discovery", "PolyMarket") and instructs the agent to query/trend/portfolio data and display Hustle AI responses that drive trading and wallet actions. Untrusted external content can therefore be fetched and materially influence the agent's actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet/trading tool (EmblemVault / Emblem Agent Wallet). It provides wallet management, signing, sending transfers, swaps, order placement, DeFi operations, cross-chain bridges, and an agent mode/CLI that can be invoked programmatically (examples: "Send 0.1 SOL to 0x...", "Swap 100 USDC to ETH on Base"). Those are specific crypto financial execution capabilities (wallets, swaps, signing, sending transactions), not generic tooling. Even though it mentions a "safe mode" confirmation, the skill's primary purpose is moving and managing funds, and it exposes programmatic execution paths. Therefore it grants Direct Financial Execution Authority.