Smart Contract Audit
Warn
Audited by Snyk on Jun 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required workflow uses curl -s https://ethskills.com/audit/SKILL.md at install/runtime, which fetches public web content authored by an outsider (EthSkills) and makes it LLM-readable prose for the agent.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs curl to fetch https://ethskills.com/audit/SKILL.md at runtime and instructs the agent to read/follow that document (e.g., "Read https://ethskills.com/audit/SKILL.md before auditing"), so remote content can directly control prompts/instructions.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata