bankr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill’s docs and required workflow show the agent (via the Bankr Agent API) ingests and acts on public third-party content—e.g., social sentiment and Twitter metrics in references/market-research.md, OpenSea listings and mint page URLs in references/nft-operations.md, and Polymarket markets in references/polymarket.md—which are untrusted/user-generated sources that can materially influence trading or execution decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading and DeFi execution agent. It provides direct capabilities to buy/sell/swap tokens, bridge tokens, place market/limit/stop-loss orders, use leverage, place Polymarket bets, send transfers to addresses/ENS/social handles, manage NFTs (purchase/transfer/mint), deploy tokens, and—critically—submit raw transactions / execute calldata / send transaction JSON. It also provisions and manages EVM and Solana wallets and requires an API key with "Agent API" access. These are specific financial execution functions (crypto/blockchain transactions and market orders), not generic tooling.