exploring-blockchain-data

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to load API credentials from {baseDir}/config/crypto-apis.env into its tools, which exposes secret values to the agent context (and risks them being included in generated commands/outputs).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and interprets untrusted public content at runtime (e.g., contract ABIs and transaction/token data from explorer APIs like Etherscan via chain_client._explorer_call / get_contract_abi and market/token info from CoinGecko via token_resolver._fetch_price/_fetch_token_info), as required in SKILL.md/ARD.md and references/implementation.md, and that data (decoded functions, protocol IDs, prices) is used to enrich results and generate insights, so third‑party content can materially influence agent behavior.