cli-cast
Fail
Audited by Snyk on Mar 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill explicitly tells the agent to request or accept private keys and API keys, and shows commands that embed them (an RPC URL carrying the API key in its path, and --private-key usage), so the LLM may have to handle or emit secret values verbatim in its context and output.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). SKILL.md's "Chain Resolution" step explicitly instructs the agent to web-search chainlist.org to resolve chain IDs when a chain isn't listed, requiring the agent to fetch and interpret untrusted public web content that directly influences RPC URL construction and subsequent on-chain actions.
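The "Chain Resolution" step described above lets web content decide which RPC URL the agent builds. Below is an added example, not part of this report or of the cli-cast skill, showing the check a practitioner would put in front of that step: chain IDs are pinned in configuration, and any candidate endpoint (from a search result or anywhere else) is used only after it answers eth_chainId over HTTPS with the pinned value. PINNED_CHAIN_IDS, ALLOWLISTED_RPC, the example hostnames, the candidate list and the fake transport are constructed for the offline demonstration; swap fake_transport for http_transport to run it against live endpoints.

```python
"""Added example (not the skill's or Foundry's code): make the 'Chain
Resolution' step safe by treating any chain ID or RPC URL recovered from web
content as untrusted until the endpoint proves, via eth_chainId, that it serves
the chain the operator pinned. PINNED_CHAIN_IDS, ALLOWLISTED_RPC, the candidate
URLs and the fake transport are constructed for the offline demo."""
import json
import urllib.request
from typing import Callable, Dict, List, Optional
from urllib.parse import urlparse

Transport = Callable[[str, bytes], bytes]

# Chain IDs come from operator configuration, never from a search result.
# (1 = Ethereum mainnet, 8453 = Base; both are their published IDs.)
PINNED_CHAIN_IDS: Dict[str, int] = {"ethereum": 1, "base": 8453}

# Endpoints the operator trusts outright (constructed); everything else must verify.
ALLOWLISTED_RPC: Dict[str, int] = {"https://rpc.operator.example/eth": 1}


def eth_chain_id_request() -> bytes:
    """Standard JSON-RPC eth_chainId call body."""
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": "eth_chainId", "params": []}).encode()


def http_transport(url: str, body: bytes) -> bytes:
    """Real transport for live use (the offline demo below never calls it)."""
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


def verify_endpoint(url: str, expected_chain_id: int, transport: Transport) -> bool:
    """True only if url is HTTPS and either allowlisted for this chain or
    answers eth_chainId with exactly expected_chain_id."""
    parts = urlparse(url)
    if parts.scheme != "https" or not parts.netloc:
        return False                      # no plaintext RPC, no malformed URLs
    if url in ALLOWLISTED_RPC:
        return ALLOWLISTED_RPC[url] == expected_chain_id
    try:
        reply = json.loads(transport(url, eth_chain_id_request()))
    except (ValueError, OSError):         # non-JSON body or network failure
        return False
    if not isinstance(reply, dict):
        return False
    result = reply.get("result")
    if not isinstance(result, str) or not result.startswith("0x"):
        return False                      # JSON-RPC error object or junk
    try:
        return int(result, 16) == expected_chain_id
    except ValueError:
        return False


def resolve_rpc_url(chain_name: str, candidates: List[str], transport: Transport) -> Optional[str]:
    """Return the first candidate that serves the pinned chain, or None.
    An unknown chain name is a hard stop: the agent must not fall back to
    whatever a web search says the chain ID is."""
    expected = PINNED_CHAIN_IDS.get(chain_name.lower())
    if expected is None:
        return None
    for url in candidates:
        if verify_endpoint(url, expected, transport):
            return url
    return None


# --- offline demo with constructed responses ---------------------------------
FAKE_RESPONSES: Dict[str, bytes] = {
    # presented as Base in a search snippet, but actually serves mainnet (0x1)
    "https://rpc.looks-like-base.example": json.dumps({"jsonrpc": "2.0", "id": 1, "result": "0x1"}).encode(),
    # returns a JSON-RPC error instead of a result
    "https://rpc.erroring.example": json.dumps({"jsonrpc": "2.0", "id": 1, "error": {"code": -32601, "message": "nope"}}).encode(),
    # rate-limit HTML page, not JSON
    "https://rpc.broken.example": b"<html>rate limited</html>",
    # genuinely Base: 0x2105 == 8453
    "https://rpc.really-base.example": json.dumps({"jsonrpc": "2.0", "id": 1, "result": "0x2105"}).encode(),
}


def fake_transport(url: str, body: bytes) -> bytes:
    """Stand-in for http_transport that replays the constructed responses."""
    if url not in FAKE_RESPONSES:
        raise OSError("connection refused")
    return FAKE_RESPONSES[url]


# Candidate order as a search result page might present it (constructed).
SEARCH_CANDIDATES = [
    "http://rpc.plaintext.example",          # rejected: not HTTPS
    "https://rpc.broken.example",            # rejected: not JSON
    "https://rpc.erroring.example",          # rejected: no result field
    "https://rpc.looks-like-base.example",   # rejected for Base: wrong chain
    "https://rpc.really-base.example",       # accepted for Base
]

if __name__ == "__main__":
    print("base ->", resolve_rpc_url("base", SEARCH_CANDIDATES, fake_transport))
    print("polygon ->", resolve_rpc_url("polygon", SEARCH_CANDIDATES, fake_transport))
```

The important design choice is that the chain ID is never an output of the resolution step: the operator pins it, the endpoint is asked to confirm it, and a name that is not pinned returns None instead of triggering a search. Note that the mislabelled endpoint is still accepted when the pinned chain really is mainnet, because the check is on what the endpoint serves, not on how a web page described it.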
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill exists for on-chain financial operations: it documents Foundry's cast CLI commands that sign and broadcast transactions (e.g., cast send, cast mktx), manage private keys, keystores and hardware wallets, and construct RPC URLs for broadcasting. It instructs the agent to use private keys (including via ETH_PRIVATE_KEY), send ETH and token transfers, and sign messages, i.e., direct wallet control and transaction execution. This is a specific crypto/blockchain execution tool, not a generic API or browser-automation capability, so it grants direct financial execution capability.
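The W007 and W009 findings above describe patterns rather than rules. As an added example (not Snyk's detector, nor Foundry's code), here is a small scanner that flags both classes over a constructed SKILL.md excerpt: secret material the agent would have to reproduce verbatim (raw or templated --private-key values, an API key as the last path segment of an RPC URL, instructions to ask the user for a key) and cast subcommands that sign or broadcast, with read-only subcommands recognised so they are not mis-classified. The rule names, regexes, remediation strings, hostnames and sample lines are assumptions; `cast publish` and `cast wallet sign` are added to the subcommands named in the finding because they also broadcast or sign.

```python
"""Added example (not Snyk's scanner or Foundry's code): a line scanner that
flags the two patterns in the W007 and W009 findings, run over a constructed
SKILL.md excerpt. Regexes, rule names, remediations and sample lines are
illustrative assumptions."""
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    rule: str          # "W007" (credential handling) or "W009" (money movement)
    detail: str
    line_no: int
    remediation: str


# W007: secret material the LLM would have to reproduce verbatim.
CREDENTIAL_PATTERNS = [
    ("raw private key on the command line",
     re.compile(r"--private-key\s+(?:0x)?[0-9a-fA-F]{64}\b"),
     "use a keystore account (cast wallet import, then --account) or --ledger/--trezor"),
    ("private key passed via flag (placeholder or shell variable)",
     re.compile(r"--private-key\s+(?:<[^>]+>|\$\w+)"),
     "keep the key out of any command the agent composes; use --account or a hardware wallet"),
    ("API key embedded in the RPC URL path",
     re.compile(r"https?://\S+/(?:<[^>]*key[^>]*>|[A-Za-z0-9_-]{24,})(?=\s|$)", re.I),
     "reference the endpoint as $ETH_RPC_URL so the key never appears in instructions"),
    ("agent told to solicit a secret from the user",
     re.compile(r"\b(?:ask|request|obtain)\b[^.\n]{0,40}\b(?:private key|api key|mnemonic|seed phrase)\b", re.I),
     "never have the agent collect secrets; point the user at a keystore or hardware wallet"),
]

# W009: cast subcommands that sign or broadcast (cast send and cast mktx from
# the finding, plus cast publish and cast wallet sign). Read-only subcommands
# are matched too so a SKILL.md that only reads chain state is not flagged.
CAST_CMD = re.compile(r"\bcast\s+(wallet\s+sign|send|mktx|publish|call|balance|chain-id|block|tx|receipt)\b")
MONEY_MOVING = {
    "send": "signs and broadcasts a transaction",
    "mktx": "builds and signs a transaction for later broadcast",
    "publish": "broadcasts a pre-signed raw transaction",
    "wallet sign": "signs a message with a private key",
}


def scan_skill(text: str) -> List[Finding]:
    """Return one Finding per matched pattern per line of skill instructions."""
    findings: List[Finding] = []
    for no, line in enumerate(text.splitlines(), start=1):
        for detail, pattern, fix in CREDENTIAL_PATTERNS:
            if pattern.search(line):
                findings.append(Finding("W007", detail, no, fix))
        m = CAST_CMD.search(line)
        if m:
            cmd = " ".join(m.group(1).split())     # normalise "wallet   sign"
            if cmd in MONEY_MOVING:
                findings.append(Finding("W009", f"cast {cmd} {MONEY_MOVING[cmd]}", no,
                                        "gate behind explicit user confirmation and a spend limit"))
    return findings


def risk_level(findings: List[Finding]) -> str:
    """Mirror the report's severities: W007 is HIGH, W009 is MEDIUM."""
    rules = {f.rule for f in findings}
    if "W007" in rules:
        return "HIGH"
    if "W009" in rules:
        return "MEDIUM"
    return "LOW"


# Constructed SKILL.md excerpt (not the audited skill's real file). The hex
# key is a throwaway pattern and the hostnames are placeholders.
SAMPLE_SKILL_MD = """\
# cli-cast (constructed sample)
Ask the user for their private key before sending.
cast send 0xRecipient --value 0.1ether --rpc-url https://rpc.provider.example/v2/<API_KEY> --private-key <PRIVATE_KEY>
cast mktx 0xRecipient --value 1ether --private-key $ETH_PRIVATE_KEY
cast wallet sign "hello" --private-key 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
cast call 0xToken "balanceOf(address)" 0xOwner --rpc-url $ETH_RPC_URL
cast chain-id --rpc-url https://rpc.public.example/eth
"""

if __name__ == "__main__":
    results = scan_skill(SAMPLE_SKILL_MD)
    for f in results:
        print(f"{f.rule} line {f.line_no}: {f.detail} -> {f.remediation}")
    print("Risk Level:", risk_level(results))
```

Running it on the sample reports five W007 hits (the solicitation sentence, the templated key and URL-embedded API key on the cast send line, the $ETH_PRIVATE_KEY reference, and the raw 64-hex key) and three W009 hits (send, mktx, wallet sign); the two read-only lines, including the one that reads the endpoint from $ETH_RPC_URL, produce nothing, which is the shape a remediated SKILL.md should have.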
Issues (3)
HIGH W007: Insecure credential handling detected in skill instructions.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).