chain-integration

Fail

Audited by Snyk on Mar 2, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask for a Zerion API key (and potentially RPC URLs containing keys) and to include it in example commands like ZERION_API_KEY=<user-provided-key> yarn generate:asset-data, which would require the LLM to output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required Phase 0 research and Phase 5 asset-generation steps explicitly instruct the agent to perform web searches for official chain websites, GitHub repositories and ChainList, and to locate and use public RPC endpoints and the CoinGecko and Zerion APIs (e.g., "Search for official chain website and docs", "Find RPC endpoints", "CoinGecko Adapter Integration" and the asset generation steps). The agent must therefore fetch and interpret open, public third-party content and RPC responses, and that content directly determines which integration path and runtime actions the agent takes.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly designed to integrate blockchains and wallets and includes chain-specific signing and broadcasting capabilities. It repeatedly references native asset sends/receives, HDWallet SignTx implementations, wallet address derivation, and chain adapter methods such as signTransaction, buildSendApiTransaction, and broadcastTransaction. The EVM second-class adapter explicitly "provides ... Transaction broadcasting" and the HDWallet sections define SignTx/SignedTx flows. It also covers swapper integration (Relay/0x/etc.) enabling on-chain swaps. These are specific crypto/payment primitives (wallet signing + broadcasting transactions) that enable moving value, so the skill grants direct financial execution authority.
Audit Metadata

Risk Level: HIGH
Analyzed: Mar 2, 2026, 08:58 PM