Bankr x402 SDK - Client Patterns

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill establishes a pipeline where natural language input is converted into executable blockchain transactions.
  • Ingestion points: bankrClient.promptAndWait({ prompt: ... }) used in bankr-client.ts and executor.ts.
  • Boundary markers: Absent. The code does not use delimiters or instructions to prevent the AI from following commands embedded within the prompt data.
  • Capability inventory: executeTransaction in executor.ts provides a high-privilege write capability, allowing the signing and broadcasting of arbitrary transactions (to, data, value, gas) using the BANKR_PRIVATE_KEY.
  • Sanitization: No sanitization or validation of the generated transaction data (like address whitelisting or value limits) is implemented before execution.
  • Unverifiable Dependencies (MEDIUM): The project depends on @bankr/sdk, an external package from an untrusted source, to handle core logic and transaction generation.
  • Credential Security (INFO): The skill follows the best practice of using environment variables (BANKR_PRIVATE_KEY) for secrets, though the presence of a payment wallet key in an AI-driven automation context remains a high-value target.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 06:45 PM