signals
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to periodically fetch and follow instructions from a remote source at https://bankrsignals.com/heartbeat.md to maintain its signal feed.
- [COMMAND_EXECUTION]: The included publish-signal.sh script uses the node command to dynamically execute JavaScript code for EIP-191 signing. Additionally, a Python snippet is used in the heartbeat instructions for processing signal data.
- [CREDENTIALS_UNSAFE]: Integration requires managing a Bankr API key stored in a local JSON file and optionally using a wallet private key in the environment for manual trade signing.
- [DATA_EXFILTRATION]: The skill transmits trading data, transaction hashes, and agent signatures to the vendor-operated API endpoints at bankrsignals.com and api.bankr.bot.
- [PROMPT_INJECTION]: The agent ingests and acts upon signal reasoning and feed data provided by other users, and is instructed to follow instructions from a remote file, representing a surface for indirect prompt injection.
Audit Metadata