koios-agent-wallet
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt includes examples and run instructions that embed API keys and private key CBOR hex values (e.g., KOIOS_API_KEY, PAYMENT_SKEY_CBOR_HEX, STAKE_SKEY_CBOR_HEX, xprv1...) in code and CLI commands, which requires the agent to accept and emit secret values verbatim (high exfiltration risk).
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill fetches and interprets data from public Koios endpoints (e.g., https://api.koios.rest via KoiosProvider) and explicitly instructs capturing unsigned tx CBOR from arbitrary dApp mint APIs/websites (via browser devtools), so the agent ingests untrusted third-party content as part of its workflow.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for cryptocurrency wallet operations on Cardano: it provides key-based wallet generation, loading of payment and stake keys, building/signing/submitting ADA transactions, and registering/delegating stake. It includes concrete APIs and scripts for sending ADA (MeshTxBuilder .txOut, wallet.signTx, wallet.submitTx), signing/submitting unsigned CBOR txs, and environment variables for PAYMENT_SKEY_CBOR_HEX / STAKE_SKEY_CBOR_HEX. These are specific crypto/blockchain wallet actions (creating/signing/submitting transactions and managing keys), which constitute direct financial execution capability.