quicknode-skill
Fail
Audited by Snyk on May 19, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill asks the user for API keys/passwords (e.g., "What endpoint or API key should I use", subscription password fields) and instructs returning exact API payloads and handling returned
QN_*API keys, which can require the LLM to include secret values verbatim in outputs — an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). This skill explicitly instructs the agent to fetch and parse arbitrary user-generated IPFS content via the Quicknode IPFS gateway (see references/ipfs-reference.md "Retrieve Content" / gateway examples), and that fetched metadata is used in workflows (e.g., NFT metadata, tokenURIs, plan discovery), so untrusted third-party content could influence decisions and actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes crypto payment and transaction capabilities. It documents x402 and MPP pay‑per‑request systems (including code that uses privateKeyToAccount, createWalletClient, wrapFetch and Mppx.create to sign/handle payments), Agent Subscriptions and a /api/v1/agent/subscriptions flow that requires/executes on‑chain stablecoin payments, a /api/v1/agent/top_up endpoint to add credits, and marketplace swap usage (Jupiter swapPost) for token swaps. These are concrete, named payment/signing APIs and endpoints that enable spending stablecoins, signing payment challenges, and performing swaps — i.e., direct financial execution. (The doc’s “Confirm Before Write” guidance is a mitigation but does not remove the presence of executable payment APIs.)
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata