openindex-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs users (and shows examples) to export private keys like export OPENINDEX_PRIVATE_KEY=0x... and to pass keys via -k KEY or inline flags, which requires embedding raw secret/private-key values verbatim in commands—an insecure credential-handling pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill exposes the agent to arbitrary user-generated content via commands like search/get-user/roulette (usernames and profile descriptions) and get-messages (encrypted messages are decrypted locally and read by the agent), which are fetched from other users on the open OpenIndex network and thus could carry indirect prompt-injection content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides wallet and blockchain transaction functionality: it can create/restore wallets, manage private keys, sign messages, check balances, and—critically—send native tokens and ERC‑20 tokens across multiple chains with commands like send-eth, send-token, and send @username. These are concrete crypto/transaction operations (multi-chain transfers, token transfers, username-based payouts), i.e., direct financial execution capabilities.