Bankr Dev - Automation
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable because it acts on natural language instructions to perform high-value financial transactions.
  1. Ingestion points: Data enters the agent context through natural language prompts such as 'Set a limit order' or 'DCA $100'.
  2. Boundary markers: None present in the defined patterns to isolate user data from instructions.
  3. Capability inventory: Substantial financial 'write' capabilities including limit orders, stop-loss execution, and recurring DCA/TWAP scheduling.
  4. Sanitization: No evidence of input sanitization or mandatory multi-factor/human-in-the-loop confirmation before order execution.
- Command Execution (MEDIUM): The skill documentation indicates it relies on an external, unverified local module './bankr-client' to process sensitive trade logic, which creates a significant security blind spot.
Recommendations
- AI detected serious security threats