Bankr Agent - Transfers
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH | PROMPT_INJECTION | NO_CODE
Full Analysis
- PROMPT_INJECTION (HIGH): Susceptible to Indirect Prompt Injection (Category 8) due to the combination of high-privilege write capabilities (asset transfers) and untrusted data ingestion.
  1. Ingestion points: Social handles (Twitter, Farcaster, Telegram) and ENS names processed within user prompts (SKILL.md).
  2. Boundary markers: Absent; the skill lacks instructions for delimiters or isolation of resolved recipient data from agent reasoning.
  3. Capability inventory: Asset transfers on EVM chains and Solana (SKILL.md).
  4. Sanitization: Absent; there is no requirement for validation or escaping of external identifiers before processing.
- NO_CODE (SAFE): The provided skill file contains only markdown documentation and metadata, with no executable scripts, binaries, or remote code patterns identified.
Recommendations
- AI detected serious security threats