evm-chains

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs replacing ROUTEMESH_API_KEY with the environment variable's value in a constructed RPC URL, which requires the LLM to include a secret verbatim in its output (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly instructs: "If the requested chain is not listed, use the web search tool to find authoritative metadata from the chain's official documentation or Chainlist," which requires fetching and interpreting public third-party webpages (official chain docs / Chainlist) that can materially influence RPC URLs and tool actions.