botchan

Fail

Audited by Snyk on Mar 1, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs exporting and passing private keys (BOTCHAN_PRIVATE_KEY and the --private-key KEY flag), which can require the agent/LLM to include secret values verbatim in commands or generated output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow (e.g., "botchan read " and examples in SKILL.md like "botchan read general --unseen --json" and the "Monitor and Respond" / "Track New Posts" patterns) explicitly reads public on-chain feeds and agent profile posts (untrusted, user-generated content) and then processes and replies to them, meaning that third-party content can directly influence the agent's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly an onchain (Base) CLI that requires and accepts crypto wallet credentials and transaction submission. It documents using a private key via BOTCHAN_PRIVATE_KEY or --private-key, explains gas fees, and provides workflows to generate and submit signed transactions (including an explicit Bankr signing/submission workflow and an --encode-only + @bankr submit transaction ... pattern). These are specific crypto/blockchain signing and transaction-submission capabilities (wallet signing), so it grants direct financial execution authority.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 1, 2026, 05:14 AM