starknet-mini-pay

Result: Fail

Audited by Snyk on Apr 22, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes examples that pass private keys and tokens as literal values (private_key="0x...", TELEGRAM_BOT_TOKEN="...") and shows API usage patterns in which secrets are embedded verbatim (e.g., pay.send(private_key="...")). An agent that follows these examples may ask the user for secret values or reproduce them in its own output, where they end up in chat history and logs.
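The pattern the finding describes, beside a hardened form, as an added example written for this page; it is not code from starknet-mini-pay. The variable MINI_PAY_PRIVATE_KEY is the one the audit names; the Secret wrapper, load_private_key, send_hardened, redact, the assumed key shape (0x-prefixed hex, at most 64 digits, nonzero) and the sample key and token values are illustrative assumptions.

```python
import os
import re
from typing import Mapping, Optional

# The pattern W007 flags: the key is an ordinary string argument, so it can be
# pasted into instructions, logged, or echoed back by the agent.
def send_insecure(private_key: str, to: str, amount: str) -> str:
    return f"sent {amount} to {to} using key {private_key}"   # key leaks into output


class Secret:
    """Opaque holder: str()/repr() never show the value, so an accidental
    f-string, log line or agent reply shows a placeholder instead."""
    __slots__ = ("_value",)

    def __init__(self, value: str) -> None:
        self._value = value

    def reveal(self) -> str:
        """Only the signing boundary should call this."""
        return self._value

    def __repr__(self) -> str:
        return "Secret(<redacted>)"

    __str__ = __repr__


# Assumed key shape: 0x-prefixed hex, at most 64 digits, nonzero. This is a
# sanity check only; the real field-element range check belongs to the signer.
_KEY_RE = re.compile(r"0x[0-9a-fA-F]{1,64}")


def load_private_key(env: Optional[Mapping[str, str]] = None) -> Secret:
    """Read MINI_PAY_PRIVATE_KEY from the process environment at call time.
    The key is never a function parameter, so it has no reason to appear in a
    prompt, a CLI argument, or an example in the skill instructions."""
    env = os.environ if env is None else env
    raw = env.get("MINI_PAY_PRIVATE_KEY", "").strip()
    if not _KEY_RE.fullmatch(raw) or int(raw, 16) == 0:
        raise ValueError("MINI_PAY_PRIVATE_KEY is missing or malformed")
    return Secret(raw)


def send_hardened(key: Secret, to: str, amount: str) -> str:
    """The wrapper crosses the API; the key bytes are used only here and the
    returned summary is safe to surface to the agent or the chat."""
    _signing_key = key.reveal()   # hand to the signer; never format it into output
    return f"sent {amount} to {to}"


def redact(text: str, secrets) -> str:
    """Scrub known secret values from any text that leaves the tool (agent reply,
    log line, chat message). Exact-value matching is used deliberately: on
    Starknet, addresses and keys are both long hex strings, so a 'redact all
    long hex' rule would also hide recipient addresses the user needs to see."""
    for s in secrets:
        value = s.reveal()
        if value:
            text = text.replace(value, "[REDACTED]")
    return text
```

The same idea applies to TELEGRAM_BOT_TOKEN: wrap it in Secret at load time and pass the wrapper, never the string, so anything that renders it shows the placeholder.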

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill ingests untrusted, user-supplied content at runtime: the Telegram bot (scripts/telegram_bot.py, handle_text and related handlers) parses arbitrary "starknet:" payment links from chat messages via link_builder.parse, and scripts/mini_pay.py queries public RPC endpoints (STARKNET_RPC). The parsed and queried values are then used to build deep links, drive QR-code flows and trigger payment-related actions, so text controlled by whoever writes into the chat reaches the agent's decision path.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a payments skill for Starknet: it provides functions and CLI commands to send ETH/STRK/USDC, uses the starknet-py SDK and RPC client, accepts a private key/MINI_PAY_PRIVATE_KEY, exposes a pay/send API and Telegram /pay command, creates invoices and an optional contract that can "execute payment". These are specific blockchain wallet/transaction capabilities (signing/sending transfers), i.e., direct financial execution.
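A strict parser for chat-supplied payment links (the W011 exposure) feeding a spend-policy gate that never signs on its own (the W009 capability), as one added example written for this page; it is not starknet-mini-pay's link_builder or pay/send code. The audit page does not show the real link format, so the shape assumed here is starknet:<recipient>?amount=<decimal>&token=<ETH|STRK|USDC>; the token decimals, the names PaymentRequest, parse_payment_link, SpendPolicy and plan_from_chat, and the sample messages are illustrative assumptions.

```python
import re
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qsl

# Assumed link shape (the audit page does not show link_builder's real format):
#   starknet:<recipient>?amount=<decimal>&token=<ETH|STRK|USDC>
ALLOWED_TOKENS = {"ETH": 18, "STRK": 18, "USDC": 6}   # symbol -> decimals (assumed)
MAX_LINK_LEN = 256
_ADDR_RE = re.compile(r"0x[0-9a-fA-F]{1,64}")


class LinkError(ValueError):
    """Any link that is not exactly the expected shape."""


def normalize_address(addr: str) -> str:
    """Canonical 0x + 64 hex digits, so allowlist checks ignore leading zeros."""
    return "0x{:064x}".format(int(addr, 16))


@dataclass(frozen=True)
class PaymentRequest:
    recipient: str      # normalized address
    token: str
    amount: Decimal     # human units, e.g. Decimal("1.5")

    @property
    def base_units(self) -> int:
        return int(self.amount.scaleb(ALLOWED_TOKENS[self.token]))


def parse_payment_link(link: str) -> PaymentRequest:
    """Strict allowlist parser: three typed fields come out and nothing else.
    Free-form fields (memo, label, note) are rejected, not forwarded, so a
    crafted link cannot carry instructions to the agent through this path."""
    if len(link) > MAX_LINK_LEN or not link.startswith("starknet:"):
        raise LinkError("not a starknet: link")
    recipient, _, query = link[len("starknet:"):].partition("?")
    if not _ADDR_RE.fullmatch(recipient):
        raise LinkError("bad recipient address")
    try:
        params = parse_qsl(query, keep_blank_values=True, strict_parsing=True) if query else []
    except ValueError as exc:
        raise LinkError("malformed query string") from exc
    if sorted(k for k, _ in params) != ["amount", "token"]:
        raise LinkError("exactly amount and token are required")
    fields = dict(params)
    if fields["token"] not in ALLOWED_TOKENS:
        raise LinkError("unsupported token")
    try:
        amount = Decimal(fields["amount"])
    except InvalidOperation as exc:
        raise LinkError("bad amount") from exc
    if not amount.is_finite() or amount <= 0:
        raise LinkError("amount must be a positive finite number")
    if -amount.as_tuple().exponent > ALLOWED_TOKENS[fields["token"]]:
        raise LinkError("too many decimal places for token")
    return PaymentRequest(normalize_address(recipient), fields["token"], amount)


@dataclass
class SpendPolicy:
    """Gate between 'parsed request' and 'sign and send'."""
    allowed_recipients: frozenset
    per_tx_cap: dict        # token -> Decimal, human units
    daily_cap: dict         # token -> Decimal, human units
    spent_today: dict = field(default_factory=dict)

    def authorize(self, req: PaymentRequest):
        if req.token not in self.per_tx_cap or req.token not in self.daily_cap:
            return False, "token not enabled by policy"
        if req.recipient not in self.allowed_recipients:
            return False, "recipient not on allowlist"
        if req.amount > self.per_tx_cap[req.token]:
            return False, "exceeds per-transaction cap"
        if self.spent_today.get(req.token, Decimal(0)) + req.amount > self.daily_cap[req.token]:
            return False, "exceeds daily cap"
        return True, "ok"

    def record(self, req: PaymentRequest) -> None:
        """Call only after the transaction was actually submitted."""
        self.spent_today[req.token] = self.spent_today.get(req.token, Decimal(0)) + req.amount


def plan_from_chat(text: str, policy: SpendPolicy):
    """What a handle_text-style handler should do with an inbound message:
    extract at most one link, parse strictly, apply policy, and hand back a
    decision for a human to confirm. It never signs or sends on its own."""
    links = [w for w in text.split() if w.startswith("starknet:")]
    if len(links) != 1:
        return "reject", "expected exactly one payment link"
    try:
        req = parse_payment_link(links[0])
    except LinkError as exc:
        return "reject", str(exc)
    ok, reason = policy.authorize(req)
    return ("confirm", req) if ok else ("reject", reason)
```

The "confirm" result is the point for a money-moving skill: the handler shows the normalized recipient, token and amount to the user and waits for an explicit yes before anything touches the private key, and only a submitted transaction is recorded against the daily cap.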

Issues (3)

W007  HIGH    Insecure credential handling detected in skill instructions.
W011  MEDIUM  Third-party content exposure detected (indirect prompt injection risk).
W009  MEDIUM  Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 22, 2026, 08:45 AM
Issues: 3