battlechain

Fail

Audited by Snyk on May 8, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes examples and instructions that embed an API key directly on the command line (e.g., --etherscan-api-key 1234) which encourages the agent to request/insert secrets verbatim into commands, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly tells the agent to "Always fetch" the external docs at https://docs.battlechain.com/llms-full.txt, so the agent will ingest and act on untrusted, publicly-hosted documentation that can change and materially influence deployment/verification decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to "Always fetch" https://docs.battlechain.com/llms-full.txt at runtime as the single source of truth for BattleChain technical details, meaning external text from that URL would be injected into the agent's context and can directly control prompts/instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for interacting with a blockchain (BattleChain) and includes per-function deployment and transaction primitives. It lists concrete APIs/commands that perform on-chain actions: bcDeployCreate/bcDeployCreate2/bcDeployCreate3 (deploy via BattleChainDeployer/CreateX), bc-deploy / bc-deploy-verify targets, forge script --broadcast with RPC URL, and parameters like . It describes broadcasting transactions, chain IDs, and "real funds" battle-testing. These are specific crypto/blockchain execution capabilities (deploying/sending transactions on-chain), not generic tooling, so it grants direct financial execution authority.

Issues (4)

  • HIGH W007: Insecure credential handling detected in skill instructions.
  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
  • MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
  • MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: May 8, 2026, 09:29 AM
Issues: 4