bankr

Warn

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the user to install the '@bankr/cli' package from the NPM registry and interacts with external endpoints such as api.bankr.bot and llm.bankr.bot.
  • [COMMAND_EXECUTION]: The agent is instructed to execute shell commands using the 'bankr' binary to perform high-stakes operations, including wallet management, cross-chain bridging, and transaction signing.
  • [CREDENTIALS_UNSAFE]: The skill requires the handling of Bankr API keys ('bk_...'). Documentation guides the user to provide these keys through CLI flags or environment variables, which are then stored locally in a plain-text configuration file at '~/.bankr/config.json'.
  • [DATA_EXFILTRATION]: The skill exposes capabilities to sign messages and submit raw EVM transactions with arbitrary calldata. These tools could be leveraged to exfiltrate funds if the agent is compromised by malicious prompts from untrusted data sources.
  • [PROMPT_INJECTION]: The 'references/llm-gateway.md' file contains deceptive metadata by listing numerous non-existent AI models as available through its gateway (e.g., 'gpt-5.2', 'claude-opus-4.6', 'gemini-3-pro'). This misinformation undermines a user's or agent's ability to accurately assess the platform's actual features and security profile.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 12:20 AM