veil
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [SAFE]: The skill implements secure local storage for sensitive Veil keys, using environment files with restricted permissions (chmod 600) to protect against unauthorized access.
- [COMMAND_EXECUTION]: The skill wraps the
@veil-cash/sdkCLI tool to execute shielded transactions. This is the primary intended function of the skill and is performed using local script execution. - [EXTERNAL_DOWNLOADS]: All external dependencies are standard tools or libraries. The user is instructed to install them from official repositories, and the skill does not perform any unverified background downloads.
- [DATA_EXFILTRATION]: Outbound network traffic is directed to the user's RPC provider and the vendor's Bankr API (api.bankr.bot). These communication channels are necessary for the skill's functionality and are documented neutrally.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface where user-provided input is interpolated into requests sent to the Bankr Agent API.
- Ingestion points: Arguments passed to
scripts/veil-bankr-prompt.shand transaction JSON inscripts/veil-bankr-submit-tx.sh. - Boundary markers: Some scripts use a prefix to instruct the recipient API not to change fields, but most forward raw input.
- Capability inventory: Network access via
curland local command execution via the Veil CLI. - Sanitization: Data is JSON-escaped for transport, but the skill does not sanitize content for adversarial instructions directed at the downstream API.
Audit Metadata