Bankr Dev - Token Deployment

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH

Primary finding: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection via its natural language interface.
    1. Ingestion points: Variable fields such as {description}, {name}, and {symbol} in SKILL.md are used to construct tool inputs.
    2. Boundary markers: The prompt patterns lack delimiters or explicit boundary markers to separate untrusted data from the agent's instructions.
    3. Capability inventory: The tool possesses high-privilege capabilities including token deployment, updating reward recipients, and 'Claim all my Clanker fees' operations.
    4. Sanitization: There is no evidence of input validation or sanitization for the interpolated strings.
    An attacker could embed commands within a token description to redirect fees or execute unauthorized deployments.
  • [COMMAND_EXECUTION] (LOW): The skill relies on an external execute function from './bankr-client' to perform operations. While the implementation is not visible in the provided file, it bridges natural language prompts to state-changing blockchain transactions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 06:45 PM