pipes-sdk

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes commands that pass a database password on the command line (e.g., clickhouse-client --password <pw>), which requires embedding secret values verbatim and creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests ABI and dataset content from public block explorers and portals (e.g., references/ABI_GUIDE.md shows WebFetch calls to Etherscan/BaseScan and SKILL.md/Hyperliquid uses portal.sqd.dev) and then uses that external, untrusted data to generate decoders and drive indexing behavior, so third‑party content can materially influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill shows runtime WebFetch calls that fetch ABIs from block explorer APIs (e.g., https://api.etherscan.io/api?module=contract&action=getabi&address=${address} and https://api.basescan.org/api?module=contract&action=getabi&address=${address}) with an explicit "prompt" to "Extract the ABI JSON"—a high-confidence runtime fetch that supplies ABI content the indexer requires and which directly drives parsing/instruction behavior, so it meets the criteria for a risky external dependency.