veil

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill queries open/public third‑party endpoints (e.g., RPC_URLs like Alchemy/Infura used by the veil CLI and optional GitHub SDK clone) and calls the Bankr Agent API/CLI (scripts/veil-bankr-prompt.sh and veil-bankr-submit-tx.sh), and the agent is expected to read and act on the returned JSON/text output from those external services as part of its workflow, exposing it to untrusted third‑party content that could carry embedded instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to Bankr's Agent API (default https://api.bankr.bot — used as POST /agent/prompt and GET /agent/job/) to which it submits transaction prompts (e.g., "Submit this transaction...") and relies on that service/response to sign/submit unsigned transactions, so remote content/agent execution directly controls transaction actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform cryptocurrency financial operations. It manages Veil keypairs (wallet keys), builds and submits deposits, and executes private actions like withdraw, transfer, and merge using the VEIL_KEY and ZK-proof flows. It also integrates with Bankr for signing/submitting transactions and references a Bankr API key config. These are direct crypto transaction and signing capabilities (wallet management + transaction submission), which constitute direct financial execution.