veil

Warn

Audited by Snyk on Mar 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly sends prompts and transaction payloads to the third-party Bankr Agent API (scripts/veil-bankr-prompt.sh, veil-bankr-submit-tx.sh, and veil-deposit-via-bankr.sh) and relies on external RPC providers/GitHub SDKs, so it ingests and acts on untrusted external responses that can materially affect signing/submission behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The scripts call the Bankr Agent API at runtime (default API_URL https://api.bankr.bot) via curl (veil-bankr-prompt.sh / veil-bankr-submit-tx.sh), which submits prompts and receives job results (including signing/submission operations), so an external service can directly control responses and perform actions for Bankr-backed flows.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto transaction tool: it wraps the @veil-cash/sdk to manage Veil keypairs, build and submit Bankr-compatible deposit transactions, and perform private on-chain actions (withdraw, transfer, merge) using a VEIL_KEY and ZK proof flow. It also references Bankr Agent API signing & submission and provides scripts to deposit and withdraw ETH. These are specific wallet/transaction signing and submission capabilities (crypto/blockchain wallets and transaction execution), so it is directly designed to move funds.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 05:18 AM