base-trader
Warn
Audited by Snyk on Feb 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill issues Bankr queries that fetch public on-chain and social data (e.g., "What tokens are trending on Base?", "What's the sentiment on TOKEN?", "Show me social mentions for TOKEN?") and explicitly instructs checking public sources like Basescan, Crypto Twitter and Telegram, so the agent will ingest and interpret untrusted, user-generated third-party content.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly an autonomous crypto trader wired to the Bankr API for the Base chain. It requires a configured Bankr wallet and ETH for gas, includes concrete commands and scripts that perform buys, sells, set stop-losses, DCA, and other trade executions (e.g., ~/clawd/skills/bankr/scripts/bankr.sh "Buy $25 of TOKEN on Base", "Sell 25% of my TOKEN on Base", "Set stop loss for TOKEN at -15%"). These are specific payment/crypto transaction capabilities (wallet usage, signing/executing trades) whose primary purpose is moving funds/crypto. Therefore it grants Direct Financial Execution Authority.