web3-ai-tools

Fail

Audited by Snyk on Apr 24, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs scanning/pasting code to find and report hardcoded API keys (e.g., the /api-keys command and examples like ANTHROPIC_API_KEY=sk-ant-...), which would require the model to output secret values verbatim if found.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests public third-party content as part of its workflows, e.g., SmartGuard's usage "python main.py --address ... --network mainnet" (fetches contract code from Etherscan), LuaN1ao's RAG build via "git clone .../PayloadsAllTheThings", and Shannon/CAI instructions to scan target URLs and query Shodan. All of these are untrusted public sources that the agents read and use to drive testing and exploit decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill instructs cloning and using the PayloadsAllTheThings repo (git clone https://github.com/swisskyrepo/PayloadsAllTheThings) as a RAG knowledge-base during agent runtime, which is fetched and injected into the agent's context/behavior (directly controlling prompts/instructions) and is a required dependency for the run.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly Web3/DeFi focused and includes blockchain-specific tooling and workflows that enable executing on-chain interactions. Notable items:
    • SmartGuard explicitly supports auditing a "deployed contract" (fetched from Etherscan) and includes an "ExploitRunnerAgent: Writes + runs Foundry PoC". Foundry/cast scripts are capable of constructing and broadcasting signed transactions to networks.
    • The prompt references cast/foundry commands and fetching contracts on "mainnet", and mentions users connecting MetaMask wallets. All are crypto-specific integrations (blockchain RPC, transaction tooling, a signing-capable toolchain).
    • Multiple agents/tools are tailored for DeFi smart contracts (auto PoC generation, exploit runner), which by design can perform on-chain actions that move assets.

These are not generic HTTP or browser automations; they are crypto-specific tools that enable transaction execution (signing/broadcast via Foundry/cast and exploit runners). Therefore the skill grants direct crypto/transaction execution capability.

Issues (4)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Apr 24, 2026, 11:01 PM
  • Issues: 4