bankr

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill operates primarily through a specialized command-line interface (bankr) and can launch external binaries such as claude (Claude Code) to facilitate LLM gateway interactions.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests and processes untrusted external data from blockchain explorers and social media platforms while possessing high-privilege capabilities such as fund transfers and transaction execution.
      • Ingestion points: The agent retrieves token prices and market data from public blockchains (references/market-research.md) and resolves social handles from Twitter, Farcaster, and Telegram (references/transfers.md).
      • Boundary markers: The skill instructions do not specify the use of delimiters or protective boundary markers to isolate untrusted external content from the agent's core instructions.
      • Capability inventory: The agent has high-impact tools for token swaps, cross-chain bridging, and raw transaction submission (SKILL.md, references/sign-submit-api.md, references/token-trading.md).
      • Sanitization: No explicit sanitization or escaping of external content before interpolation into prompts is documented.
  • [EXTERNAL_DOWNLOADS]: The skill guides users to install the @bankr/cli global package from the NPM registry to enable its full functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 07:13 AM