bankr-signals
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with vendor-owned domains bankrsignals.com and bankr.bot for API operations. These resources originate from the skill author's infrastructure and are used for signal retrieval and wallet management.
- [COMMAND_EXECUTION]: Utilizes bash scripts and heartbeat cycles to execute curl, node, and python3 commands for blockchain data interaction and cryptographic signing. These commands are restricted to the skill's stated purpose and do not perform unauthorized system modifications.
- [PROMPT_INJECTION]: The skill maintains an attack surface for indirect prompt injection (Category 8) by consuming external signal data.
  - Ingestion points: HEARTBEAT.md (Step 3) fetches data from the /api/feed endpoint.
  - Boundary markers: Absent; signals are processed as raw JSON objects without explicit instruction delimiters.
  - Capability inventory: scripts/publish-signal.sh and HEARTBEAT.md employ subprocess calls (curl, node, jq) to publish and process signals.
  - Sanitization: Structural validation is performed via json.load in HEARTBEAT.md, but the skill does not implement specific content filtering for strings within the signal data fields.
Audit Metadata