Skills
skills/bankrbot/claude-plugins/Bankr Dev - NFT Operations/Gen Agent Trust Hub

Bankr Dev - NFT Operations

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill ingests untrusted external data through parameters like '{collection}' and '{opensea_url}'. When the agent fetches metadata for these items from a marketplace, a malicious seller could include prompt injection instructions in the NFT description or metadata. Because the skill has the capability to perform financial transactions ('Buy floor', 'Buy by URL'), this creates a high-risk scenario where an agent could be tricked into unauthorized purchases or fund transfers.
  • Ingestion points: SKILL.md defines patterns that accept arbitrary URLs and collection names.
  • Boundary markers: Absent. The patterns do not include delimiters or instructions for the agent to ignore content within the fetched data.
  • Capability inventory: High-impact 'Buy' operations that result in blockchain transactions.
  • Sanitization: None visible in the provided skill definition.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 06:45 PM