Bankr Dev - API Basics
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
DATA_EXFILTRATION
Full Analysis
- [Data Exposure] (LOW): The skill documentation includes code examples that perform network operations via fetch() to an external domain (https://api.bankr.bot). This domain is not included in the pre-approved whitelist of trusted repositories or organizations. While appropriate for the skill's purpose as an API guide, any external network communication to non-whitelisted domains is noted as a low-level concern.
- [SAFE] (SAFE): No malicious instructions, prompt injection attempts, obfuscated content, or unauthorized file access patterns were identified within the SKILL.md content.
- [Indirect Prompt Injection] (INFO): The skill documents an architecture for an AI agent to execute financial transactions (crypto trading, DeFi operations) based on natural language prompts. This represents a high-sensitivity capability surface. (1) Ingestion points: User-provided prompt strings sent to the /agent/prompt endpoint. (2) Boundary markers: Not mentioned in the examples. (3) Capability inventory: Trading, swapping, and prediction market interactions. (4) Sanitization: The provided examples do not include sanitization or validation of the prompt content before API submission.
Audit Metadata