bankr
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `bankr` CLI to execute critical financial operations on the blockchain, including token swaps, cross-chain bridging, and the submission of raw transactions with custom calldata on Base, Ethereum, Polygon, Solana, and Unichain.
- [EXTERNAL_DOWNLOADS]: Instructions guide the user to install the `@bankr/cli` package from the NPM registry and interact with vendor-provided APIs at `api.bankr.bot` and `llm.bankr.bot` for agent tasks and LLM model access.
- [CREDENTIALS_UNSAFE]: The skill manages authentication through API keys and LLM gateway keys (`bk_...`), which are stored locally in a plain-text configuration file at `~/.bankr/config.json` and handled via environment variables like `BANKR_API_KEY`.
- [PROMPT_INJECTION]: Financial transactions are triggered by natural language prompts, creating a surface for injection attacks where malicious input could potentially trick the agent into executing unauthorized trades or transfers.
- [DATA_EXFILTRATION]: While intended for its primary trading functionality, the skill transmits user-provided prompts and wallet-related metadata to external vendor APIs (`api.bankr.bot`).
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from external untrusted sources such as social media handles (Twitter/Farcaster), NFT metadata from OpenSea, and prediction market descriptions from Polymarket, which could contain hidden instructions.
  - Ingestion points: Processes usernames, NFT names, and market search results from external platforms.
  - Boundary markers: No specific delimiters or safety warnings are enforced for isolating natural language data within the trading command context.
  - Capability inventory: Capabilities include wallet balance retrieval, message signing, and transaction broadcasting across multiple chains via the `bankr` binary.
  - Sanitization: The agent relies on internal CLI validation, but the interpretation of external strings as part of financial commands remains an exploitable surface.
Audit Metadata