Bankr x402 SDK - Capabilities
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill exposes a sensitive interface that interprets natural language as financial commands, creating a critical attack surface. * Ingestion points: The SDK accepts natural language strings via the
client.promptAndWaitmethod as seen in the usage example. * Boundary markers: There are no specified delimiters or instructions to ignore embedded commands within the prompt logic. * Capability inventory: The skill allows for ETH/ERC20/NFT transfers, token swaps, cross-chain bridging, and leverage trading. * Sanitization: No sanitization or validation logic is described to prevent the SDK from executing instructions found within untrusted data. - [Unverifiable Dependencies] (MEDIUM): The skill depends on the
@bankr/sdkNode.js package, which is not hosted by a recognized or trusted organization in the security scope.
Recommendations
- AI detected serious security threats
Audit Metadata