near-cli-rs
Fail
Audited by Snyk on Apr 14, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly requires producing complete one-line near CLI commands and includes examples that embed sensitive secrets verbatim (seed phrases, plaintext private keys, --signer-private-key, and optional --rpc-api-key), so the LLM would need to output secrets directly.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required workflow instructs the agent to construct and execute network-backed CLI commands (e.g., view/account/contract commands like "near account view-account-summary ... network-config ", "near contract download-wasm <CONTRACT_ID> ... network-config ", and "near contract view-storage ... network-config now") that fetch public, user-generated data from the NEAR network and deployed contracts, which the agent is expected to read/interpret as part of executing the workflow and could therefore influence subsequent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is a NEAR Protocol CLI reference that explicitly provides commands to transfer funds and tokens (near tokens, FT, NFT), stake/unstake/deposit/withdraw NEAR, create/fund accounts, sign and broadcast transactions, and manage private keys/seed phrases/ledger/MPC signing. These are specific crypto/blockchain transaction and wallet operations that can move value. Therefore it grants direct financial execution authority.
Issues (3)
W007 (HIGH): Insecure credential handling detected in skill instructions.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).