Bankr Agent - NFT Operations
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWNO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (INFO): The skill consists exclusively of a
SKILL.mdfile. No executable scripts, binaries, or configuration files were provided for analysis.\n- [PROMPT_INJECTION] (LOW): The skill defines a vulnerability surface for Indirect Prompt Injection by directing the agent to handle untrusted data which could influence its behavior during sensitive operations.\n - Ingestion points: User-supplied OpenSea URLs and external marketplace metadata retrieved from the OpenSea API as described in the skill's operations (referenced in
SKILL.md).\n - Boundary markers: Absent; no instructions are provided to the agent to help it distinguish between data and embedded instructions within external content.\n
- Capability inventory: The skill enables the agent to perform financial side effects including 'Buy', 'Transfer', and 'Mint' operations on Ethereum, Base, and Polygon.\n
- Sanitization: Absent; the skill does not define any validation, sanitization, or human-in-the-loop checkpoints before executing transactions based on external metadata.
Audit Metadata