Bankr x402 SDK - Transaction Builder
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted natural language data and converts it into executable blockchain transactions, providing a direct path for attackers to trigger unauthorized financial actions.
  - Ingestion points: The client.promptAndWait function takes direct user prompts as input (SKILL.md).
  - Boundary markers: No delimiters or explicit 'ignore embedded instructions' warnings are used in the prompt handling logic.
  - Capability inventory: The skill has the capability to build and execute transfers, NFT purchases, and cross-chain bridges via wallet.sendTransaction (SKILL.md).
  - Sanitization: No sanitization or verification logic is present to validate the destination address or amount before transaction execution.
- [Unverifiable Dependencies] (MEDIUM): The skill requires the @bankr/sdk package.
  - Source: The package is a third-party dependency and does not belong to the pre-approved list of trusted organizations or repositories.
- [Command Execution] (LOW): While not direct OS commands, the skill generates and executes transactions on a blockchain which represents a high-impact side effect similar to code execution.
Recommendations
- AI detected serious security threats
Audit Metadata