symbiosis
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses local sensitive files to manage user credentials.
  - Evidence: The script `scripts/symbiosis-swap.py` reads the user's API key from `~/.bankr/config.json`. This key is used to authenticate requests to the Bankr Submit API to execute transactions.
- [EXTERNAL_DOWNLOADS]: The skill interacts with third-party service endpoints to fulfill swap requests.
  - Evidence: Requests are made to `https://api-v2.symbiosis.finance/crosschain/v1/swap` to retrieve quotes and transaction payloads. This is a well-known service but remains an external dependency.
- [COMMAND_EXECUTION]: The skill relies on the execution of Python scripts to bridge wallet functionality with the Symbiosis protocol.
  - Evidence: The agent is instructed to run `scripts/symbiosis-quote.py` and `scripts/symbiosis-swap.py` locally. These scripts use standard libraries to perform network operations and submit blockchain transactions.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to processing untrusted data.
  - Ingestion points: User-supplied token addresses, amounts, and chain IDs derived from prompts and instructions in `SKILL.md`.
  - Boundary markers: No specific delimiters or warnings are used to sanitize or isolate user-provided inputs.
  - Capability inventory: The skill utilizes `bankr_submit` in `scripts/symbiosis-swap.py` to execute transactions on behalf of the user.
  - Sanitization: No explicit input validation or escaping is observed in the provided scripts before interpolation into API payloads.
Audit Metadata