injective-wallet-ops

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE CREDENTIALS_UNSAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: Handling of Plaintext Private Keys
      • The Python snippet for generate_wallets_from_seed constructs and returns a list of dictionaries containing the private_key as a plaintext hex string. If the agent executes this code and includes the return value in its output or logs, it will expose sensitive cryptographic secrets.
      • While the skill suggests using environment variables for mnemonics (e.g., {ENV}_LOAD_TEST_MM_SEED_PHRASE), the operational pattern of deriving and returning raw keys into the agent's context creates an inherent risk of accidental data exposure.
  • [SAFE]: Mitigation of Address Encoding Confusion
      • The skill correctly identifies a security risk where an attacker might use different address encodings (EVM hex vs. Injective bech32) to bypass rate limits or authorization lookups.
      • It provides robust validation regexes and canonicalization logic to ensure the agent uses the inj1 form for all security-critical operations.
  • [SAFE]: Use of Established Cryptographic Libraries
      • The skill relies on well-known, industry-standard packages such as eth-account, bech32, and the official injective-py SDK for all wallet and blockchain operations.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 07:42 PM