openfort-backend-wallets

Fail

Audited by Snyk on Apr 12, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt requires handling API keys and wallet secrets (OPENFORT_API_KEY, OPENFORT_WALLET_SECRET/pk_test_..., and explicit privateKey fields) and includes examples that pass or export raw private keys/tokens, which would force the agent to accept and potentially emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and interprets external/untrusted inputs at runtime — e.g., SKILL.md and references show sendRawTransaction(base64EncodedTransaction) (which the SDK decompiles and extracts instructions), sendTransaction with an optional rpcUrl (custom RPC endpoints) and Solana compute-unit auto-estimation via simulateTransaction, all of which cause the agent to fetch/parse third-party or user-provided content that can change subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a backend wallet SDK for creating and operating developer-custody wallets and performing blockchain financial operations. It provides direct APIs for sending transactions (openfort.accounts.evm.backend.sendTransaction, .sendTransaction for Solana, .transfer for SOL/SPL), importing/exporting private keys, signing transactions/messages, creating fee sponsorships and policies, and managing paymaster/transaction intents. It also requires secret API keys and a wallet secret for server-side mutating calls. These are specific tools to move crypto/funds (payments, transfers, sponsorships, market/payment flows), so it grants direct financial execution authority.

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 12, 2026, 07:16 AM
Issues: 3