cli-cast

Fail

Audited by Snyk on Apr 20, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt instructs requesting or using private keys and API keys (e.g., asking the user to "provide a private key for this session" and showing commands with --private-key or RPC URLs containing ROUTEMESH_API_KEY), which can require the LLM to include secret values verbatim in generated commands/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to use external RPC endpoints and public RPC providers (RouteMesh or chain-specific public RPCs) and to web-search chainlist.org when needed (see "RPC Configuration" and "Chain Resolution" in SKILL.md), so it ingests untrusted third-party content that can influence RPC construction and subsequent on-chain actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for on-chain financial operations. It documents commands to "send transactions" and "cast send" with concrete examples (e.g., cast send "$TO" --value 1ether, and cast send "$CONTRACT" "transfer(address,uint256)" ... --private-key "$ETH_PRIVATE_KEY"), building and broadcasting signed transactions (cast mktx, cast send), signing methods and key management (reading ETH_PRIVATE_KEY, keystore import, hardware wallet/--ledger), and wallet operations (create wallet, get address, sign messages). These are specific crypto/blockchain wallet and transaction capabilities that can move funds on-chain, so this skill grants direct financial execution authority.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 20, 2026, 04:40 PM
Issues: 3