skills/bankrbot/skills/Wallets/Snyk

Wallets

Warn

Audited by Snyk on Jun 19, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.70). The required workflow runs curl -s https://ethskills.com/wallets/SKILL.md at install time, which fetches outsider-authored free text from the public web and can be ingested into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The catalog explicitly runs/asks the agent to fetch and read https://ethskills.com/wallets/SKILL.md (via "curl -s https://ethskills.com/wallets/SKILL.md" and the instruction "Tell your agent: 'Read https://ethskills.com/wallets/SKILL.md before building'"), so remote content would directly control agent instructions at runtime.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 19, 2026, 01:18 PM

Issues

2

Security Audit — snyk — Wallets