bankr-airdrop
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required workflow and scripts (scripts/snapshot-bankr-holders.py scrapes Basescan at https://basescan.org/token/generic-tokenholders2, and scripts/bankr-leaderboard.mjs / export-wallets.mjs call the public API at https://api.bankr.bot/leaderboard) fetch and ingest untrusted, user-associated third-party data (holder lists/wallets) that the agent must read to decide who to airdrop to, so external content directly controls tool actions and recipients.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform blockchain financial operations. It instructs agents to claim on-chain fees, swap WETH to USDC via Uniswap SwapRouter02 (including slippage rules), approve token allowances, and call disperseToken() to batch airdrop native tokens to holders (with specified batch sizes and treasury transfer). It gives concrete contract addresses, wallet variables, and exact transaction flows (approve → call → send), which are direct crypto transaction and fund-management actions (wallet signing, swapping, and transferring). This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" and "Send Transaction" criteria for Direct Financial Execution.
Audit Metadata