bankr-signals
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The `scripts/publish-signal.sh` script relies on a `PRIVATE_KEY` environment variable for cryptographic signing. Passing a raw private key through the environment is a high-risk practice: the variable is inherited by every child process the script spawns, is visible to process-inspection tools run as the same user (for example `ps e` or `/proc/<pid>/environ`), and is easily captured whenever a harness or CI system logs the process environment. Any of these exposures yields the signing key outright.
- [PROMPT_INJECTION]: The skill presents multiple injection surfaces by instructing the agent to consume untrusted external content.
  - Ingestion points: `SKILL.md` instructs the agent to fetch and follow a remote instruction file (https://bankrsignals.com/heartbeat.md) and to poll a public signal feed (https://bankrsignals.com/api/feed). Both are fetched at run time, so whoever can modify that content controls what the agent is told to do.
  - Boundary markers: Absent. There are no instructions telling the agent to treat the remote markdown or the signal reasoning fields as untrusted data rather than as instructions.
  - Capability inventory: The agent can sign messages via the Bankr API or the local scripts to publish trades and signals, so an injected instruction can end in a signed, published trade.
  - Sanitization: Absent. The agent processes instructions and trading signals directly from the provider's infrastructure without validating them.
- [COMMAND_EXECUTION]: The `scripts/publish-signal.sh` script uses `node -e` to execute JavaScript assembled at run time for signing messages. Code built from shell variables and handed to an interpreter is a classic injection vector: if any environment variable or argument that ends up inside the `-e` string is attacker-influenced, it can break out of the intended expression and run arbitrary JavaScript inside the signing process, which also has the key in its environment. The pattern is currently used only for internal logic, so the risk is latent rather than presently exploitable.
Audit Metadata