near-kit
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes examples that hard-code private keys and seed phrases (e.g., privateKey: "ed25519:...", seed phrases), which instructs the model to embed secrets directly in generated code/config and could require the LLM to output secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill calls and reads arbitrary on-chain contract data (e.g., near.view("contract.near", ...), useView hooks, and the untyped guestbook contract examples such as guestbook.near-examples.testnet). This is public, user-generated content on the NEAR blockchain that the agent is expected to read and interpret, and it could therefore carry untrusted content intended as an indirect prompt injection.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is a TypeScript library for NEAR Protocol with explicit, built-in crypto/financial operations: sending NEAR tokens (near.send("bob.near", "5 NEAR")), calling contract methods with attached deposits, building and sending transactions (.transaction(...).transfer(...).send()), managing private keys/key stores, wallet integrations, and message signing. These are specific blockchain payment and signing primitives (wallets, keys, transactions) that enable direct movement of funds and signed transactions.