doppel-erc-8004

Fail

Audited by Snyk on Feb 26, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes code that explicitly prints the generated private key (console.log("Private key:", privateKey)) and examples that embed bearer/API keys in request headers, which requires handling and potentially outputting secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs reading external, public data — e.g., querying the ERC-8004 subgraph via The Graph Gateway (SUBGRAPH_URL) and reading tokenURI/agentURI from the Identity Registry (which can point to arbitrary URLs/IPFS and contains service endpoints) — and uses those user-generated/untrusted values for reputation, verification, discovery, and token allocation, so third-party content can materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly instructs creating and managing a crypto wallet (generate private key, derive address, store .env), funding it with ETH, and performing onchain transactions using viem (createWalletClient, estimateGas, walletClient.writeContract). It includes code to sign/send transactions (register, setAgentURI), parse receipts, and interact with specific contract addresses on Base mainnet. These are direct crypto/blockchain wallet and transaction operations (signing/sending), which meet the "Direct Financial Execution" criteria.
Audit Metadata

Risk Level: HIGH
Analyzed: Feb 26, 2026, 04:15 PM