analyzing-on-chain-data

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read API credentials from a local .env file and to configure API/RPC/exchange connections (and run bash queries), which requires the agent to access and potentially embed secret values verbatim in commands/requests, creating direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests public third‑party API data (e.g., scripts/data_fetcher.py uses DEFILLAMA_BASE "https://api.llama.fi" and yields.llama.fi, and SKILL.md / references/implementation.md require fetching real‑time prices and on‑chain metrics), and that external JSON is parsed by the CLI (onchain_analytics.py) to drive rankings, trends, and analytic decisions—so untrusted third‑party content can materially influence tool behavior.