cairo-testing
Fail
Audited by Snyk on Mar 30, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt's fork-testing examples show an Alchemy URL with "YOUR_KEY" embedded in the test attribute, which encourages inserting an API key directly into generated test code (verbatim), creating exfiltration risk.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly for testing Cairo smart contracts on Starknet and includes concrete APIs/actions that perform blockchain financial operations: deploying contracts, calling ERC20 functions (transfer, approve, deposit), executing AMM.swap, and fork-testing against mainnet state. These are explicit crypto/blockchain transaction capabilities (token transfers/swaps and on-chain deployments), not generic tooling, so it grants direct financial execution authority.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata