evm-chains

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill explicitly tells the agent to replace ROUTEMESH_API_KEY with the environment variable's value when constructing RouteMesh RPC URLs, which requires including a secret API key verbatim in generated output (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs that "If the requested chain is not listed, use the web search tool to find authoritative metadata from the chain's official documentation or Chainlist," which requires fetching and interpreting open/public third-party web content that can change RPC/chain decisions.