koios-agent-wallet

Fail

Audited by Snyk on Mar 20, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt repeatedly shows literal API keys and CBOR private-key hex values and instructs their use in code and command-line environment variables (e.g., <KOIOS_API_KEY>, PAYMENT_SKEY_CBOR_HEX, STAKE_SKEY_CBOR_HEX). This would require the agent to accept secret values and embed them verbatim in generated commands and code, which creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to call public Koios endpoints (e.g., https://api.koios.rest) via KoiosProvider (see SKILL.md and scripts) and to ingest unsigned transactions from dApp mint APIs and public pool pages (Cardanoscan). The scripts (scripts/agent-wallet.js, generate-key-based-wallet.js) use provider.fetchAddressUTxOs, fetchAccountInfo and fetchTxInfo and accept TX_CBOR_HEX from external APIs or files, i.e., untrusted third-party content is fetched and directly influences signing, submission and workflow decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform cryptocurrency financial operations on Cardano. It provides concrete APIs, scripts, and parameters to generate key-based wallets, load payment and stake keys (PAYMENT_SKEY_CBOR_HEX / STAKE_SKEY_CBOR_HEX), build transactions with MeshTxBuilder, sign transactions (wallet.signTx / vkey witnesses), and submit transactions via KoiosProvider (provider.submitTx / provider.fetchTxInfo). It also includes end-to-end scripts (scripts/agent-wallet.js, generate-key-based-wallet.js) and environment variable examples to send ADA, register stake, delegate to pools, and sign & submit dApp-built mint transactions. These are direct crypto transaction and wallet management capabilities (moving funds and signing/submitting blockchain transactions), so it grants Direct Financial Execution authority.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 20, 2026, 09:48 AM
Issues: 3