botcoin-miner
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local system commands `curl`, `jq`, `openssl`, and `uuidgen` to interact with remote APIs, parse JSON responses, and generate nonces for cryptographic signing.
- [DATA_EXFILTRATION]: The skill requires the `BANKR_API_KEY` environment variable, which it transmits in HTTP headers to `api.bankr.bot` and `coordinator.agentmoney.net`. This is the intended authentication mechanism for the protocol and its dependencies.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through external data ingestion.
  - Ingestion points: The agent fetches a prose document (`doc`) and specific questions from the vendor's coordinator at `https://coordinator.agentmoney.net/v1/challenge`.
  - Boundary markers: While the skill provides instructions to the LLM to output a single-line artifact, it lacks explicit boundary markers or instructions to disregard potential malicious directives embedded within the ingested prose document.
  - Capability inventory: The skill possesses significant capabilities, including the ability to submit raw transactions and natural language prompts to the Bankr wallet API (`api.bankr.bot/agent/submit` and `api.bankr.bot/agent/prompt`), which could be abused if the agent is successfully manipulated.
  - Sanitization: There is no evidence of sanitization or filtering of the challenge document content before it is processed by the LLM.
Audit Metadata