sanctum

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples and client code explicitly place an API key as a query parameter (e.g., ?apiKey=${API_KEY}) and pass it into fetch/URL strings, which requires the agent to insert secret values verbatim into requests or generated code.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches unsigned transactions and swap orders at runtime from https://sanctum-api.ironforge.network which supply base64-encoded transaction payloads that are then signed/executed, so remote content directly controls executable transaction instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Solana-focused financial SDK for liquid staking and token swaps. It provides dedicated endpoints and client methods to create swap orders, obtain unsigned transactions, sign transactions with a Keypair, and execute them via POST endpoints (e.g., /swap/token/execute, /swap/depositStake/execute, /swap/withdrawStake/execute). The TypeScript client includes convenience methods that perform swaps, add/remove liquidity, stake/unstake, and return on-chain transaction signatures. This is a specific crypto/blockchain financial execution capability (moving funds and executing on-chain transactions), not a generic API or browser automation tool.