injective-wallet-ops

Fail

Audited by Snyk on May 11, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly reads or derives mnemonics/private keys and returns/stores private_key strings (acct.key.hex()) and seed-derived wallets, which requires the agent to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly makes on-chain queries (e.g., client.fetch_bank_balance and client.fetch_subaccount_deposits in SKILL.md and the various scripts) against the public Injective blockchain/RPC, ingesting user-generated, untrusted on-chain data that can materially influence funding, batching, and subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements cryptocurrency wallet management and on-chain fund transfers. It contains code and references for generating/deriving private keys and addresses (BIP-44 mnemonics, random keys), converting ETH/INJ addresses, and—critically—batch funding wallets and submitting chain transactions (composer.msg_send batching up to 200 MsgSend in one tx, msg_subaccount_deposit, MsgBroadcasterWithPk, pyinjective usage). These are concrete, specific blockchain APIs and functions to move funds (INJ, USDT) and sign/broadcast transactions, so it provides direct financial execution capability.

Issues (3)

W007 (HIGH): Insecure credential handling detected in skill instructions.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: May 11, 2026, 07:42 PM
Issues: 3