veil
Warn
Audited by Snyk on Feb 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly submits prompts and transaction payloads to the Bankr Agent API (see scripts/veil-bankr-prompt.sh and scripts/veil-bankr-submit-tx.sh, which call api.bankr.bot or the bankr CLI) and consumes the agent's JSON responses as part of its signing/submission and address-resolution workflows. Those responses are untrusted third-party content that can materially affect subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The scripts (scripts/veil-bankr-prompt.sh and related submit/poll scripts) call the Bankr Agent API at https://api.bankr.bot at runtime to submit prompts and receive job results that can sign and submit transactions, so remote content from that URL directly controls actions/execution.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform cryptocurrency financial operations. It manages Veil keypairs (wallet keys), builds and submits deposits, and executes private actions like withdraw, transfer, and merge using the VEIL_KEY and ZK-proof flows. It also integrates with Bankr for signing/submitting transactions and references a Bankr API key config. These are direct crypto transaction and signing capabilities (wallet management + transaction submission), which constitute direct financial execution.