signet

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs embedding secret keys directly (e.g., PRIVATE_KEY=0x... and a --private-key CLI option) and requires sending an encoded payment header (X-402) derived from signing, which would force the agent to handle/include secret key material verbatim in commands/requests.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls the public Signet API (e.g., https://signet.sebayaki.com/api/signature/list) to retrieve recent spotlight signatures which contain user-provided URLs and metadata, so the agent would ingest untrusted, user-generated third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform onchain payments for ad placement. It documents an x402 payment flow that requires signing USDC payments (Permit2 on Base), submitting a payment header, and optionally providing a PRIVATE_KEY or --private-key to the CLI. It references wallet signing libraries (@x402/core, @x402/evm) and executing onchain transactions to settle payment. These are specific crypto/blockchain payment capabilities (wallet signing and onchain transaction submission), not generic tooling.