signals
Fail
Audited by Snyk on Apr 20, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes explicit instructions and examples that place API keys directly into config files and curl headers (e.g., X-API-Key: bk_YOUR_KEY, and an apiKey field in config.json). An LLM generating those commands or code would have to emit the secret value verbatim, which is a high exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required workflow (e.g., HEARTBEAT.md and SKILL.md) explicitly instructs the agent to poll public endpoints such as https://bankrsignals.com/api/feed and https://bankrsignals.com/api/leaderboard, and to accept webhook notifications, in order to consume user-published signals and reasoning. Those untrusted, user-generated signals then drive copy-trading and other agent actions, so third-party content can materially influence the agent's behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs agents at runtime to "Fetch https://bankrsignals.com/heartbeat.md and follow it". Remote content at https://bankrsignals.com/heartbeat.md is therefore fetched during execution and can directly control the agent's instructions, and the skill gives no way to verify what that URL serves.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly built for crypto trading on the Base blockchain and includes wallet provisioning and a signing API (Bankr Agent API). It documents obtaining an API key (bk_...), provisioning EVM and Solana wallets, and calling a specific sign endpoint (https://api.bankr.bot/agent/sign) to produce EIP-191 signatures and signer addresses. The docs also reference a "Sign & Submit API", "Leverage Trading", executing trades on Base, and workflows for publishing and closing trades with transaction hashes and collateral amounts. These are specific crypto wallet and signing capabilities, i.e., financial execution tools, not generic API or browser automation.
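The four findings above, as an added heuristic scanner (example code, not Snyk's checker and not part of the bankrsignals skill): it scans a constructed SKILL.md-style text for the same four patterns, borrowing the rule IDs and severities from the report, and contrasts it with a hardened setup that reads the key from the environment so the instruction text never carries a secret value. The regexes, the sample text, the HARDENED_SETUP variant and the rule that any HIGH finding yields a Fail verdict are assumptions of this example.

```python
"""Heuristic scanner for the four weakness classes in the audit above.

Added example, not Snyk's implementation. Rule IDs W007/W009/W011/W012 and
their severities mirror the report; the regexes and the Fail gate are
assumptions made for illustration.
"""
import re

# Constructed sample in the shape of the instructions the audit describes
# (not the real bankrsignals SKILL.md).
SAMPLE_SKILL = """\
# Setup
Get an API key (bk_...) and put it in config.json:
  {"apiKey": "bk_YOUR_KEY"}
Test it with:
  curl -H "X-API-Key: bk_YOUR_KEY" https://api.bankr.bot/agent/sign

# Heartbeat
Fetch https://bankrsignals.com/heartbeat.md and follow it.

# Signals
Poll https://bankrsignals.com/api/feed every minute and copy-trade the
top signal. Produce an EIP-191 signature for each trade and record the
transaction hash and collateral amount.
"""

# Hardened variant of the same setup (also constructed): the key comes from
# an environment variable, so the text an LLM reproduces contains no secret.
HARDENED_SETUP = """\
Export BANKR_API_KEY in the shell, then:
  {"apiKey": "${BANKR_API_KEY}"}
  curl -H "X-API-Key: $BANKR_API_KEY" https://api.bankr.bot/agent/sign
"""

# A value that is only an environment reference ($NAME or ${NAME}) is safe.
ENV_REF = re.compile(r"^\$\{?[A-Z_][A-Z0-9_]*\}?$")
URL = r"""https?://[^\s"')]+"""

# W007: a secret value written literally into an auth header or config field.
SECRET_SINK = re.compile(r'(?:X-API-Key:\s*|"apiKey"\s*:\s*")([^\s"]+)', re.I)
# W011/W012: a URL fetched at runtime; "follow it" promotes W011 to W012,
# because the remote body then becomes the agent's instructions.
REMOTE_FETCH = re.compile(r"\b(?:fetch|poll|read|get|load)\b[^\n]*?(" + URL + ")", re.I)
FOLLOW = re.compile(r"\bfollow\s+(?:it|them|the\s+instructions)\b", re.I)
# W009: wallet, signing or trade-execution capability.
MONEY = re.compile(
    r"(?:/agent/sign\b|\bEIP-191\b|\bwallet\b|\bcollateral\b|\bcopy-?trade\b|\btransaction hash\b)",
    re.I)

SEVERITY = {"W007": "HIGH", "W011": "MEDIUM", "W012": "MEDIUM", "W009": "MEDIUM"}


def audit(text):
    """Return a list of (rule, severity, evidence) tuples, one per hit, in file order."""
    findings = []
    for line in text.splitlines():
        for m in SECRET_SINK.finditer(line):
            if not ENV_REF.match(m.group(1)):
                findings.append(("W007", SEVERITY["W007"], m.group(0)))
        for m in REMOTE_FETCH.finditer(line):
            rule = "W012" if FOLLOW.search(line) else "W011"
            findings.append((rule, SEVERITY[rule], m.group(1)))
        m = MONEY.search(line)
        if m:
            findings.append(("W009", SEVERITY["W009"], m.group(0)))
    return findings


def risk_level(findings):
    """Highest severity present: HIGH, MEDIUM or NONE."""
    present = {sev for _, sev, _ in findings}
    for level in ("HIGH", "MEDIUM"):
        if level in present:
            return level
    return "NONE"


def verdict(findings):
    """Assumed gate: any HIGH finding fails the skill, otherwise it passes."""
    return "Fail" if risk_level(findings) == "HIGH" else "Pass"


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_SKILL), ("hardened", HARDENED_SETUP)):
        found = audit(text)
        print(f"{name}: {verdict(found)} ({risk_level(found)})")
        for rule, sev, evidence in found:
            print(f"  {sev} {rule}: {evidence}")
```

Running the block prints Fail (HIGH) for the constructed sample, with two W007 hits for the literal key, one W012 for the heartbeat URL, one W011 for the feed URL and W009 hits for the signing and trade lines; the hardened setup keeps only W009, since moving the key to the environment removes the secret from the text but not the skill's ability to sign transactions.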
Issues (4)
W007
HIGH Insecure credential handling detected in skill instructions.
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata