veil

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill submits prompts and unsigned transaction JSON to Bankr’s public Agent API and polls/consumes the returned JSON (see scripts/veil-bankr-prompt.sh and veil-bankr-submit-tx.sh / veil-bankr-submit-tx.sh -> veil-bankr-prompt.sh), so the agent reads and acts on untrusted third-party responses.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The scripts veil-bankr-prompt.sh and veil-bankr-submit-tx.sh send prompts and unsigned transaction JSON at runtime to the Bankr Agent API (default https://api.bankr.bot), which performs remote signing/submission and thus can execute remote actions that directly control the agent workflow required for the "deposit via Bankr" feature.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform cryptocurrency financial operations. It manages Veil keypairs (wallet keys), builds and submits deposits, and executes private actions like withdraw, transfer, and merge using the VEIL_KEY and ZK-proof flows. It also integrates with Bankr for signing/submitting transactions and references a Bankr API key config. These are direct crypto transaction and signing capabilities (wallet management + transaction submission), which constitute direct financial execution.