lavarage
Audited by Snyk on Apr 20, 2026
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly calls the public Lavarage API (e.g., GET /api/v1/offers and /api/v1/tokens on https://api.lavarage.xyz as shown in SKILL.md and templates/client.ts) to discover permissionless, user-created token pools and then uses those responses to choose offers and build/sign/submit transactions, so untrusted third‑party content directly influences agent decisions and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill uses https://api.lavarage.xyz at runtime to fetch base58-encoded serialized Solana transactions (e.g., /api/v1/positions/open, /api/v1/bundle/submit) which are deserialized, signed, and submitted, so remote content from that URL directly controls executable on-chain actions and is a required dependency.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the full prompt for high-entropy literal values that look like real credentials.
Findings:
- Flagged: 'lv2_prod_5e5f38fefc893ade780d8a2ccd7433ad8307808c83260e75' — this is a long, random-looking token passed to LavaApiClient (appears to be a production API key). Even though the doc calls it a "public API key" and says it's "safe to use," it is still a real, high-entropy credential present in the documentation.
Ignored (not flagged):
- 'your-wallet-public-key' — documentation placeholder (explicitly a placeholder).
- Program ID
1avaAUcjccXCjSZzwUvB2gS3DzkkieV2Mw8CjdN65uu— on-chain program address / public identifier, not a secret. - Any simple example strings or setup passwords — none found beyond placeholders; per the policy these are ignored.
Conclusion: one high-entropy API key literal is present and should be treated as a secret exposure.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a leveraged trading protocol on Solana and exposes REST API endpoints and client functions to build, sign, and submit on-chain transactions to open/close positions, borrow/repay, increase leverage, partial-sell, and submit bundles. It returns serialized Solana transactions, provides example code to sign with a wallet keypair and call submitTransaction/submitBundle, and documents market-order-like operations (open position, close position, trade quotes). These are direct crypto/blockchain transaction execution capabilities (wallet signing + transaction submission / market orders), so it grants direct financial execution authority.
Issues (4)
Third-party content exposure detected (indirect prompt injection risk).
Unverifiable external dependency detected (runtime URL that controls agent).
Secret detected in skill content (API keys, tokens, passwords).
Direct money access capability detected (payment gateways, crypto, banking).