bankr

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs pasting and embedding API keys verbatim in commands and headers (e.g., bankr login --api-key bk_THE_KEY, -H "X-API-Key: bk_YOUR_API_KEY"), which requires the agent/LLM to output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and uses open/public third-party content — e.g., OpenSea URLs and Manifold mint pages for NFT browsing/purchasing, Twitter and other social platforms for social sentiment analysis, and Polymarket for market searches — and the agent is expected to read and act on that user-generated/public content as part of its workflows.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading and wallet control agent. It provides specific, purpose-built financial operations: token swaps, buy/sell/limit/stop-loss orders, cross-chain bridging, transfers to addresses/ENS/social handles, Polymarket bets, leverage trading, token deployment, signing transactions/messages, and synchronous submission of raw transactions via /agent/sign and /agent/submit. It also documents API keys with write (agentApiEnabled) vs read-only restrictions and shows direct examples for executing trades and submitting transactions. These are explicit mechanisms to move funds and control on-chain assets (not generic tooling), so it grants direct financial execution authority.