veil
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the Veil SDK using node on paths derived from the user's workspace environment. Evidence: scripts/_common.sh defines SDK_REPO using the user's home directory, and scripts/veil-init.sh executes node on files within that path.
- [DATA_EXFILTRATION]: Transmits transaction data and prompts to the vendor's official API at api.bankr.bot. Evidence: scripts/veil-bankr-prompt.sh uses curl to send data to the author's official API endpoint for processing.
- [PROMPT_INJECTION]: The skill acts as a bridge to the Bankr Agent API, creating a surface for indirect prompt injection. Evidence Chain: Ingestion points: Arbitrary input accepted via command-line arguments in scripts/veil-bankr-prompt.sh. Boundary markers: No delimiters or protective instructions are used when wrapping the prompt for the API call. Capability inventory: The skill has network access via curl and local execution via node. Sanitization: Input is JSON-encoded using jq, but the underlying text is not filtered for malicious instructions.
- [CREDENTIALS_UNSAFE]: Accesses the Bankr skill configuration file to retrieve the API key for authentication. Evidence: scripts/_common.sh and scripts/veil-bankr-prompt.sh read ~/.clawdbot/skills/bankr/config.json. This is cross-skill access to vendor-managed credentials.
Audit Metadata