cairo-deploy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows and instructs embedding API keys and private keys verbatim in commands and URLs (e.g., --url https://.../v2/YOUR_KEY and --private-key 0xabc...), which would require the agent to handle and output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs fetching/running a public install script (curl ... raw.githubusercontent.com) and uses public RPC endpoints (e.g., https://starknet-sepolia.g.alchemy.com/...) whose responses are parsed (e.g., extracting class_hash/contract_address in the Deploy Script) as part of the workflow, so untrusted third-party content can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's Setup includes running curl -L https://raw.githubusercontent.com/foundry-rs/starknet-foundry/master/scripts/install.sh | sh which downloads and executes remote code at runtime to install Starknet Foundry (a required dependency), so the fetched content directly executes code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for interacting with Starknet: creating/importing accounts (including private keys), deploying accounts, declaring and deploying contracts, invoking write functions (e.g., "transfer"), multicall transactions, and using mainnet RPC endpoints. These are specific blockchain/crypto transaction capabilities (wallet management and sending on-chain transactions), so this grants direct financial execution authority.