Skills
skills/aaaaqwq/agi-super-team/bankr-signals/Snyk

bankr-signals

Fail

Audited by Snyk on Mar 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt shows API keys placed directly into config files and used verbatim in curl headers (e.g., X-API-Key: bk_YOUR_KEY and API_KEY="bk_YOUR_KEY"), which requires the agent/LLM to handle and emit secret values in generated commands and outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required heartbeat and integration steps (HEARTBEAT.md and SKILL.md) instruct the agent to poll public endpoints such as https://bankrsignals.com/api/feed and https://bankrsignals.com/api/leaderboard to read other providers' signals (user-generated, public content) and to use those signals to make copy-trading and other decision/actions, which clearly lets untrusted third-party content influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs agents at runtime to "Fetch https://bankrsignals.com/heartbeat.md and follow it", meaning remote content at that URL would be fetched during execution and directly control agent instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly built around crypto trading on-chain: it provisions wallets, exposes an Agent API key (bk_...) and a synchronous signing endpoint (https://api.bankr.bot/agent/sign) for EIP-191 signatures, and documents workflows for registering providers, publishing trade signals (including tx hashes, collateralUsd, leverage) and closing positions. It also references a "Sign & Submit API" and leverage trading docs. These are specific crypto wallet/signing capabilities (wallet provisioning + signing/submission) intended for trading, not generic tooling—so it grants direct financial execution authority.

Issues (4)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 13, 2026, 06:57 AM
Issues
4