bankr
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted user input and has high-impact capabilities.
  - Ingestion points: All user prompts passed to the `/bankr` command and tool arguments in `index.ts` are sent directly to the Bankr API.
  - Boundary markers: Absent. The code does not use delimiters or provide instructions to the model to ignore embedded malicious commands within the data.
  - Capability inventory: The skill possesses extensive financial capabilities including token swaps, bridging assets, and executing raw hex transactions on multiple blockchains (Base, Polygon, Solana, Ethereum).
  - Sanitization: No sanitization, escaping, or validation of the natural language input is performed before the prompt is sent to the backend.
Audit Metadata