bankr
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several shell scripts (bankr.sh, bankr-submit.sh, bankr-status.sh, and bankr-cancel.sh) to interface with its core service. These scripts rely on the local presence of curl for networking and jq for secure JSON processing and construction.
- [EXTERNAL_DOWNLOADS]: All network operations are directed to the vendor's official API at https://api.bankr.bot. This endpoint is used for submitting natural language prompts and polling for the status of asynchronous jobs.
- [PROMPT_INJECTION]: An indirect prompt injection attack surface exists due to the combination of untrusted data ingestion and powerful tool capabilities.
  - Ingestion points: The skill retrieves and processes content from external environments that may be attacker-controlled, such as NFT collection metadata from OpenSea (references/nft-operations.md), event descriptions from Polymarket (references/polymarket.md), and social metrics during market research.
  - Boundary markers: There are no explicit delimiters or specific 'ignore-embedded-instructions' warnings in the provided logic to prevent the agent from accidentally obeying instructions found within these external data sources.
  - Capability inventory: The agent possesses significant capabilities, including cross-chain token transfers, liquidity provision, and the execution of arbitrary raw transactions with custom calldata on EVM-compatible chains.
  - Sanitization: While the skill correctly uses jq to sanitize the user's initial prompt for JSON transport, it lacks a mechanism to filter or sanitize potential instructions embedded in the data returned by the API before that data influences the agent's next action.
Audit Metadata