bankr-signals
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits trade metadata and cryptographic signatures to the vendor's API at bankrsignals.com. This is the core functionality required to build a verified trading track record and does not involve exfiltrating sensitive local files or unauthorized credentials.
- [COMMAND_EXECUTION]: The provided
publish-signal.shscript executesnodeto generate EIP-191 signatures using the agent's private key. The script dynamically constructs the signing command from trade parameters, which is a standard implementation for this type of integration utility. - [EXTERNAL_DOWNLOADS]: The skill refers the agent to
bankrsignals.com/heartbeat.mdfor periodic checklist updates. This is a documented interaction with the vendor's established infrastructure to ensure the agent maintains synchronized state with the platform. - [PROMPT_INJECTION]: The skill ingests external signal data that includes natural language fields such as
reasoning, creating a surface for indirect prompt injection. - Ingestion points: Signal data is retrieved from the
/api/feedand/api/signalsendpoints as part of the heartbeat routine. - Boundary markers: None explicitly defined; the agent processes descriptions directly from the JSON API response.
- Capability inventory: The skill uses
curl,bash,node, andpython3to interact with the service and local environment. - Sanitization: The heartbeat example uses
python3to safely parse the structured JSON response, but agents consuming the natural languagereasoningfield should handle that content as untrusted input.
Audit Metadata