bankr
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the 'bankr' CLI tool to execute various commands for portfolio management, trading, and system configuration as described in SKILL.md and multiple reference files.
- [EXTERNAL_DOWNLOADS]: Instructions require installing the '@bankr/cli' package from NPM and include setup routines for external tools like OpenClaw and OpenCode, which involve downloading and installing configuration files (references/llm-gateway.md).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its integrated web browsing and data extraction features.
  - Ingestion points: Headless web browsing capability mentioned in SKILL.md and references/x402-cloud.md allows the agent to process content from arbitrary URLs.
  - Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' directives when the agent processes web content.
  - Capability inventory: Significant capabilities including token transfers (references/transfers.md), raw transaction submission (references/sign-submit-api.md), and x402 service deployment (references/x402-cloud.md).
  - Sanitization: Absent. No filtering or validation of browsed content is documented.
- [REMOTE_CODE_EXECUTION]: The x402 Cloud feature allows the agent to scaffold, configure, and deploy handler code for paid API endpoints (references/x402-cloud.md). This involves dynamic code generation and execution at runtime.
Audit Metadata