evm-swiss-knife
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes examples that instruct placing private keys and API keys directly into command lines (e.g., --private-key and export ETH_RPC_URL=...YOUR_API_KEY), which requires the LLM to handle or reproduce secret values verbatim and is high-risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching and parsing ChainList's public RPC JSON (https://chainlist.org/rpcs.json), a community-sourced third-party dataset the agent would read and act on to select RPC endpoints, exposing it to untrusted external content.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to interact with EVM blockchains and includes concrete commands for sending transactions and funds (e.g., "cast send --private-key ... --value <amount_in_wei>", contract write calls, contract deployment). It requires a private key and RPC endpoint for transaction operations, i.e., it can sign and broadcast value-bearing transactions. This is a specific crypto/blockchain financial execution capability (not a generic tool), so it grants direct financial execution authority.