analyzing-options-flow

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly tells the agent to use a Read tool to load API credentials from a .env file and to configure API/RPC connections and run shell commands, which means the LLM will have direct access to secrets and may be forced to include them verbatim in generated commands/requests (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md and references/implementation.md) instructs the agent to fetch and aggregate data from public third‑party APIs and sites—e.g., CoinGecko, CoinMarketCap, Etherscan, Dune Analytics, The Graph and via Bash(crypto:options-*) queries—which are untrusted public sources whose content is read and used to drive analysis, alerts, and trading decisions, enabling indirect prompt injection risk.