veil
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly calls external Bankr agent endpoints (e.g., scripts/veil-init.sh uses /agent/sign and scripts/veil-bankr-prompt.sh polls /agent/job/...) and ingests their JSON responses to derive VEIL keys and to approve/sign/submit transactions, so untrusted third-party content from Bankr can directly influence key material and transaction actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill invokes Bankr agent endpoints (default https://api.bankr.bot, e.g. /agent/sign and /agent/prompt) at runtime and uses the returned signatures/responses to derive Veil keys and to submit/approve transactions, so remote content from that URL directly controls prompts and critical operations.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill is explicitly for executing crypto financial operations on Base via the Veil protocol. It provides key management for Veil keys, builds and submits deposit transactions (including ERC20 approve flows for USDC), and supports withdraw, transfer, and merge operations executed locally using the VEIL_KEY and ZK proof flow. It also integrates with Bankr's Agent API to sign & submit transactions. These are specific, explicit capabilities to move funds (crypto deposits, transfers, withdrawals, approvals), not generic tooling — therefore it grants direct financial execution authority.
Audit Metadata