bankr
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the '@bankr/cli' Node.js package globally from the official registry to enable its command-line features.
- [COMMAND_EXECUTION]: The skill facilitates the execution of external tools, such as the 'claude' CLI binary (Claude Code), on the host system via the 'bankr llm claude' command.
- [PROMPT_INJECTION]: The skill processes untrusted external data from cryptocurrency protocols (e.g., token metadata, NFT listings, and prediction market data), which represents a surface for indirect prompt injection. This risk is mitigated by the skill's architectural support for read-only API keys and explicit security recommendations for wallet isolation.
- [SAFE]: Standard operational procedures, including local credential storage in '~/.bankr/config.json' and the automated configuration of third-party LLM providers like OpenClaw and OpenCode, are documented with appropriate security guidelines and access controls.
Audit Metadata