eigen-compute
Fail
Audited by Snyk on Feb 20, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt includes examples that set sealed secrets by embedding secret values directly in CLI commands (e.g., ecloud compute app env set MY_SECRET="value" API_KEY="key"), which encourages the LLM to produce outputs containing verbatim secrets and thus creates exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). This skill invokes the ecloud CLI to fetch app data and logs (see "ecloud compute app logs" in SKILL.md and the getAppLogs / getAppInfo / listApps methods in scripts/compute-api.js). Those calls return untrusted, user-generated content from deployed apps, which the agent is expected to read and which could therefore influence its subsequent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly exposes crypto-related artifacts and tooling: each deployment has a "unique wallet — cryptographic identity per deployment", a KMS signing public key at /usr/local/bin/kms-signing-public-key.pem, and a kms-client binary (KMS signing client) inside the TEE. It also references ETH-based deploy costs (Sepolia) and attestation/verification endpoints. These are specific crypto/wallet/signing capabilities (not just generic CLI or HTTP callers), so it meets the "Crypto/Blockchain (Wallets, ... Signing)" criterion for Direct Financial Execution.
Audit Metadata