cli-cast
Fail
Audited by Snyk on Mar 12, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly directs use of private keys and API keys in commands/URLs and tells the agent to ask the user to provide a private key (or embed keys into RPC URLs/command flags), which requires the LLM to handle or output secret values verbatim and therefore is insecure.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's "Chain Resolution" steps explicitly tell the agent to web-search chainlist.org if a chain isn't in the bundled references/chains.md, so the agent would fetch and act on public third-party webpage content (chainlist.org) which can change resolved chain IDs and thus materially influence RPC URLs and subsequent on-chain actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly for interacting with EVM blockchains and includes commands to sign and broadcast transactions, transfer ETH, call contract functions that change state, manage private keys/keystores/hardware wallets, and build raw signed transactions. Examples:
cast send to submit state-changing transactions (including --private-key and --ledger usage), cast mktx to create signed raw transactions, and wallet operations for signing. These are specific crypto/blockchain financial execution capabilities (sending funds and performing on-chain transactions), so it grants direct financial execution authority.
Issues (3)
W007 - HIGH: Insecure credential handling detected in skill instructions.
W011 - MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W009 - MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata