injective-trading-autosign

Fail

Audited by Snyk on Apr 12, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill requires providing a keystore password as a parameter to authz_grant/authz_revoke calls (shown inline as password: ****), which would force the agent to accept and include a secret value verbatim in generated commands/requests, creating an exfiltration risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements on-chain AuthZ delegation for Injective, including concrete commands (authz_grant, authz_revoke) and specific Cosmos message types that allow placing, cancelling, and batch-managing derivative market orders (e.g., MsgCreateDerivativeMarketOrder, MsgCreateDerivativeLimitOrder, MsgCancelDerivativeOrder, MsgBatchUpdateOrders, MsgIncreasePositionMargin). This is a narrowly scoped crypto/blockchain capability designed to let a grantee key execute market orders and manage positions without per-trade confirmations; in other words, it directly enables financial execution (trading) on-chain rather than acting as a generic tool.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
HIGH
Analyzed
Apr 12, 2026, 10:16 AM
Issues
2