Bankr x402 SDK - Wallet Operations

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)

Full Analysis
  • PROMPT_INJECTION (HIGH): The skill documentation reveals a significant indirect prompt injection surface for an agent using this SDK.
      • Ingestion points: Natural language prompts are passed directly into the promptAndWait() and prompt() methods in SKILL.md.
      • Boundary markers: No delimiters or isolation instructions are provided to separate instructions from untrusted user data.
      • Capability inventory: The SDK can execute financial transactions (e.g., 'Swap 0.1 ETH to USDC') and sign micropayments using a private key.
      • Sanitization: The skill does not mention or implement any input sanitization or validation mechanism for the prompt string.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the use of an external dependency from an unverified source.
      • Evidence: Dependency on the @bankr/sdk package referenced in SKILL.md.
      • Risk: The repository and organization for this SDK are not within the recognized trusted scope, so the package's integrity cannot be verified during static analysis.
Recommendations
  • AI detected serious security threats

Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 06:45 PM