aeon-skill-security-scan
Scans installed Bankr skills for security vulnerabilities, ensuring safe execution by detecting risks like shell injection and secret exfiltration.
Security score: 25/100
The aeon-skill-security-scan skill was audited on May 25, 2026 and we found 7 security issues across 4 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
medium line 7
Webhook reference - potential data exfiltration
Source: SKILL.md
| 7 | webhook SSRF hosts). Designed to integrate with Bankr Safety Scores. Silent on no-op runs; |
medium line 34
Webhook reference - potential data exfiltration
Source: SKILL.md
| 34 | | Obfuscation | U+200B / U+FEFF / U+202E (Trojan Source), base64-decode-into-shell, SSRF hosts (ngrok, interact.sh, webhook.site, pipedream). | |
high line 34
Ngrok tunnel reference
Source: SKILL.md
| 34 | | Obfuscation | U+200B / U+FEFF / U+202E (Trojan Source), base64-decode-into-shell, SSRF hosts (ngrok, interact.sh, webhook.site, pipedream). | |
high line 5
Prompting for password/secret input
Source: SKILL.md
| 5 | shell injection, secret exfiltration, path traversal, prompt-override payloads, destructive |
medium line 6
Base64 decode operation
Source: SKILL.md
| 6 | commands, and 2026-era obfuscation (zero-width Unicode, bidi override, base64-decode pipes, |
medium line 34
Base64 decode operation
Source: SKILL.md
| 34 | | Obfuscation | U+200B / U+FEFF / U+202E (Trojan Source), base64-decode-into-shell, SSRF hosts (ngrok, interact.sh, webhook.site, pipedream). | |
critical line 32
Prompt injection: ignore instructions
Source: SKILL.md
| 32 | | Prompt override | "Ignore previous instructions", persona swaps, instructions inside fetched content. | |
Scanned on May 25, 2026