eth-bytecode-cracker

Fail

Audited by Snyk on May 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill's prompt includes curl commands and login requests that place API keys and tokens directly in URL query strings and JSON bodies (placeholders such as YOUR_ETHERSCAN_API_KEY and YOUR_TOKEN). An agent following those instructions would have to paste the real secret verbatim into the commands and requests it generates, which exposes it in shell history, process listings, the agent transcript and any proxy or server access log that records the URL. Reading the value from the environment at run time (for example $ETHERSCAN_API_KEY) keeps the literal secret out of the generated text; a key that the remote API insists on receiving as a query parameter will still reach that server's access log.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 1 and Step 2 in SKILL.md) fetches on-chain bytecode and transaction data from public APIs such as Etherscan and resolves function selectors through openchain.xyz and 4byte; later steps also query GitHub and ethereumhistory.com. That external content is parsed and used to drive reconstruction, compilation, permutation-cracking and publishing decisions, so whoever controls or can poison those responses can materially influence the agent's actions. Every fetched value should be treated as untrusted input: bytecode accepted only as a hex byte string, selector lookups only when they parse as a function signature and hash back to the selector, and no fetched text ever read as an instruction.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent to run pre-built native solc Docker images (e.g., solc-poc8, solc-jan20) and points to the external repository https://github.com/cartoonitunes/solc-native-builds as their source. Those images are pulled and executed at run time, so they are a required external code-execution dependency whose contents the skill does not verify. A practitioner should pin each image by content digest (name@sha256:...) rather than by mutable tag, or build the compiler from source, before letting an agent execute it.
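A lint that mechanically applies the W007 and W012 checks above to a skill's instruction text, as an added example; it is not Snyk's scanner, and the SKILL_MD sample it runs on is constructed for the demonstration, not the real eth-bytecode-cracker file. It flags secrets in URL query strings and inline JSON bodies, YOUR_* placeholders an agent would have to fill with a real value, and docker run/pull lines whose image is not pinned by digest, and it shows that the hardened forms (secret read from $ETHERSCAN_API_KEY, image referenced by an @sha256 digest) pass. The image-reference parsing is a heuristic, as noted in the code.

```python
"""Static lint for agent skill instructions (added example, not Snyk's scanner).

The rules mirror the W007 (secrets embedded in commands) and W012 (unpinned
runtime images) findings. SKILL_MD is a constructed sample.
"""
import re

# W007: secret-bearing query parameters. Query strings end up in shell history,
# process listings and proxy/server access logs.
_URL_SECRET = re.compile(r"[?&](?:apikey|api_key|token|access_token|key)=([^&\s\"']+)", re.I)
# W007: credential-looking keys inside an inline JSON body.
_JSON_SECRET = re.compile(r"\"(?:password|token|api_key|apikey|secret)\"\s*:\s*\"([^\"]*)\"", re.I)
# W007: placeholder the agent would have to replace with a real secret.
_PLACEHOLDER = re.compile(r"\bYOUR_[A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)\b")
# W012: docker run/pull whose image reference lacks a content digest.
_DOCKER = re.compile(r"\bdocker\s+(?:run|pull)\b")
_DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def _is_env_ref(value: str) -> bool:
    """$VAR / ${VAR}: the secret is read at run time, not pasted into the text."""
    return value.startswith("$")


def _image_ref(after_docker: str):
    """Heuristic: first token that is not a flag, quoted, an env ref or key=value.
    Misses images that follow an unquoted flag value such as `-p 8080:80`."""
    for tok in after_docker.split():
        if tok[0] in "-\"'$" or "=" in tok:
            continue
        return tok
    return None


def lint_skill(text: str):
    """Return (line_number, rule, excerpt) for each instruction an agent could only
    execute by inlining a secret or by running unverifiable external code."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in _URL_SECRET.finditer(line):
            if not _is_env_ref(m.group(1)):
                findings.append((n, "SECRET_IN_URL", m.group(0)))
        for m in _JSON_SECRET.finditer(line):
            if not _is_env_ref(m.group(1)):
                findings.append((n, "SECRET_IN_JSON", m.group(0)))
        for m in _PLACEHOLDER.finditer(line):
            findings.append((n, "PLACEHOLDER_SECRET", m.group(0)))
        d = _DOCKER.search(line)
        if d:
            image = _image_ref(line[d.end():])
            if image and not _DIGEST.search(image):
                findings.append((n, "UNPINNED_IMAGE", image))
    return findings


# Constructed sample of skill instructions: the first block is the pattern the
# audit flags, the second block is the hardened equivalent that passes the lint.
SKILL_MD = """\
# Step 1: fetch the deployed bytecode (constructed sample)
curl "https://api.etherscan.io/api?module=proxy&action=eth_getCode&address=0x0000000000000000000000000000000000000001&tag=latest&apikey=YOUR_ETHERSCAN_API_KEY"
curl -X POST https://example.invalid/login -d '{"user":"me","token":"YOUR_TOKEN"}'
# Step 3: compile candidates with a prebuilt image
docker run --rm -v "$PWD:/src" solc-poc8 --bin /src/Candidate.sol
# Hardened equivalents: secret read from the environment, image pinned by digest
curl "https://api.etherscan.io/api?module=proxy&action=eth_getCode&address=0x0000000000000000000000000000000000000001&tag=latest&apikey=$ETHERSCAN_API_KEY"
docker run --rm -v "$PWD:/src" solc-poc8@sha256:0000000000000000000000000000000000000000000000000000000000000000 --bin /src/Candidate.sol
"""

if __name__ == "__main__":
    for lineno, rule, excerpt in lint_skill(SKILL_MD):
        print(f"line {lineno}: {rule}: {excerpt}")
```

Running it on the sample reports five findings on lines 2, 3 and 5 and none on the hardened lines 7 and 8. The digest in the sample is a placeholder of zeros; a real pin is the digest printed by the registry or by docker inspect for the exact image that was reviewed.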

Issues (3)

HIGH W007: Insecure credential handling detected in skill instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: HIGH
Analyzed: May 13, 2026, 12:24 PM
Issues: 3