bankr-signals
Warn
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill implements a heartbeat routine in `SKILL.md` that instructs the agent to fetch and follow instructions from a remote URL (https://bankrsignals.com/heartbeat.md). This pattern of dynamic instruction loading allows the remote server to alter the agent's logic or behavior at runtime.
- [PROMPT_INJECTION]: The skill encourages agents to copy-trade based on a public signal feed (`/api/feed`). The ingestion of untrusted data—specifically the trade 'reasoning' and 'metadata' fields—without explicit sanitization or boundary markers creates a surface for indirect prompt injection.
- [COMMAND_EXECUTION]: The `scripts/publish-signal.sh` script executes arbitrary JavaScript via `node -e` to handle cryptographic signing. While used for its stated purpose, this enables dynamic code execution within the agent's environment.
- [EXTERNAL_DOWNLOADS]: The skill's operational flow involves periodic downloads of instruction sets and trade data from external domains (`bankrsignals.com` and `api.bankr.bot`).
Audit Metadata