evm-atlas
Fail
Audited by Snyk on Jul 5, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs substituting API keys (e.g., ROUTEMESH_API_KEY, $ETHERSCAN_API_KEY) into request URLs or API calls, which requires reading and embedding secret values verbatim into generated requests/commands.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). Outsider free text can enter the LLM context via runtime HTTP responses from public third-party APIs (e.g., Chainscout
https://chains.blockscout.com/api/chains/{id}and Blockscout/Etherscan/Bungee/LayerZero/LI.FI endpoints), whose JSON fields are ingested as readable text for reporting.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata