bankr

Fail

Audited by Snyk on Apr 1, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask for OTPs and API/API-LLM keys and to construct/execute commands embedding them verbatim (e.g., --code, --api-key bk_..., or X-API-Key headers), forcing the LLM to handle and output secret values.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open/public third-party content (e.g., Twitter feeds via GET /agent-profiles/:identifier/tweets, OpenSea/mint page URLs in references/nft-operations.md, and CoinGecko market-cap updates noted in references/agent-profiles.md) and uses that social/web data as part of market-research, sentiment analysis, NFT purchase and trading workflows that can materially influence agent decisions and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading and wallet agent with built-in write capabilities: it provisions wallets, performs token swaps, bridges, transfers, limit/stop-loss orders, leverage trading, Polymarket bets, token deployments, and can sign and submit raw transactions. The API/CLI exposes /agent/sign and /agent/submit endpoints and a read-write API key flag that enables swaps, transfers, orders and token launches. These are specific financial execution tools (sending transactions, placing market/limit orders, transferring funds), not generic utilities—so it grants direct financial execution authority.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 1, 2026, 02:43 AM
Issues: 3