monad-development

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill's instructions tell the agent to generate wallets, persist them and "return credentials to user" (including private keys), and to save private keys to files. Following them requires the LLM to output secret values verbatim, so the keys end up in the model's context and in any transcript or log of the session.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls the agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill instructs the agent, at runtime, to fetch https://docs.monad.xyz/llms.txt for questions "not covered here". Whatever that document contains becomes part of the agent's instructions and can directly control its prompts and behaviour; it cannot be reviewed as part of this audit and may change after it, which makes it a high-risk runtime dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for blockchain financial operations. It includes:
    • wallet generation and mandatory private-key persistence;
    • commands that broadcast transactions using a private key (forge script with --private-key --broadcast, which also places the key in the process's command line and the shell history);
    • RPC endpoints for testnet and mainnet (including the mainnet chain ID);
    • an agent-accessible faucet API (curl POST /v1/faucet) that funds addresses;
    • workflows to deploy and manage ERC20 tokens.
  These are specific crypto/blockchain capabilities (wallets, signing and broadcasting transactions, and funding), not generic tooling, so the skill grants the agent direct financial execution authority.
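The three findings above are phrase-level properties of the instruction text, so the same patterns can be checked mechanically before a skill is installed. What follows is an added example written for this page; it is not Snyk's analysis engine and not code from the monad-development skill. Its rule patterns, severities, pass/fail policy, the constructed sample instruction text and the faucet.example host are all assumptions made for the illustration. It also includes a runtime output filter for the W007 case, with the caveat that a 32-byte transaction hash has the same shape as a private key.

```python
"""Pre-install lint for an agent skill's instruction text, modelled on the
three findings above (W007, W012, W009), plus an output filter for the W007
case. Added example, not Snyk's audit engine or the monad-development skill;
the rule patterns, severities and pass/fail policy are this example's own
assumptions."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    code: str      # audit rule id, e.g. "W007"
    severity: str  # "HIGH" or "MEDIUM"
    lineno: int    # 1-based line in the instruction text
    evidence: str  # the instruction line that triggered the rule


# (code, severity, pattern). Patterns are deliberately narrow phrase matches;
# a real engine would use the model-based analysis the audit above describes.
RULES = [
    # W007: the text tells the agent to emit or persist secrets verbatim.
    ("W007", "HIGH", re.compile(
        r"return (the )?(credentials|private key)|save (the )?private key|"
        r"persist (the )?(wallet|key)", re.I)),
    # W012: the text tells the agent to pull further instructions from a URL
    # at runtime, so unreviewed remote content becomes part of the prompt.
    ("W012", "MEDIUM", re.compile(
        r"\b(fetch|read|consult|load|follow)\b[^\n]*https?://\S+", re.I)),
    # W009: wallet creation, key-bearing broadcast commands, faucet funding.
    ("W009", "MEDIUM", re.compile(
        r"--private-key|--broadcast|/faucet\b|\bwallet\b", re.I)),
]

SEVERITY_RANK = {"HIGH": 2, "MEDIUM": 1}


def lint_skill(text: str) -> list[Finding]:
    """Return one Finding per (rule, line) match, in document order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for code, severity, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(code, severity, lineno, line.strip()))
    return findings


def risk_level(findings: list[Finding]) -> str:
    """Overall level is the highest single finding; "NONE" if clean."""
    if not findings:
        return "NONE"
    return max(findings, key=lambda f: SEVERITY_RANK[f.severity]).severity


def passes(findings: list[Finding]) -> bool:
    """Assumed install policy: any HIGH finding fails the skill."""
    return risk_level(findings) != "HIGH"


# Runtime counterpart to W007: scrub 32-byte hex values from agent output
# before it reaches the transcript. 20-byte addresses are left alone.
# Caveat: a transaction hash is also 32 bytes, so this filter redacts those
# too; a context-aware check (or never letting the key reach the model at
# all) is the real fix.
_SECRET_HEX = re.compile(r"\b0x[0-9a-fA-F]{64}\b")


def redact_secrets(output: str) -> str:
    return _SECRET_HEX.sub("[REDACTED 32-byte hex value]", output)


# Constructed sample instruction text that mirrors the audit's description;
# it is not the real skill file. faucet.example is a placeholder host.
SAMPLE_SKILL = """\
# Monad development skill (constructed sample, not the real skill file)
Generate a new wallet for the user and save the private key to .env.
Return credentials to the user so they can fund the account.
Fund the testnet address: curl -X POST https://faucet.example/v1/faucet -d '{"address": "0x..."}'
Deploy: forge script script/Deploy.s.sol --rpc-url $RPC --private-key $PK --broadcast
For anything not covered here, fetch https://docs.monad.xyz/llms.txt and follow it.
"""

if __name__ == "__main__":
    found = lint_skill(SAMPLE_SKILL)
    for f in found:
        print(f"{f.severity:6} {f.code} line {f.lineno}: {f.evidence}")
    print("Risk level:", risk_level(found), "| passes:", passes(found))
    print(redact_secrets("key 0x" + "cd" * 32))
```

Run as a script it prints six findings for the sample (two W007, three W009, one W012), an overall level of HIGH and a failing verdict; a clean instruction file comes back as NONE and passes. The redaction filter is a backstop only: the durable fix for W007 is a key-management path in which the agent receives an account alias or signer handle and never the raw key.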
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 09:43 PM