evm-atlas

Fail

Audited by Snyk on Jul 5, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs substituting API keys (e.g., ROUTEMESH_API_KEY, $ETHERSCAN_API_KEY) into request URLs or API calls, which requires reading and embedding secret values verbatim into generated requests/commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). Outsider free text can enter the LLM context via runtime HTTP responses from public third-party APIs (e.g., Chainscout https://chains.blockscout.com/api/chains/{id} and Blockscout/Etherscan/Bungee/LayerZero/LI.FI endpoints), whose JSON fields are ingested as readable text for reporting.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 5, 2026, 05:05 PM
Issues
2
Security Audit — snyk — evm-atlas