Skip to content

fix: address all 6 bankr review comments — safety guardrails, custody warnings, social fallback#7

Closed
deluonchain wants to merge 3 commits into
mainfrom
fix/bankr-review-safety-guardrails
Closed

fix: address all 6 bankr review comments — safety guardrails, custody warnings, social fallback#7
deluonchain wants to merge 3 commits into
mainfrom
fix/bankr-review-safety-guardrails

Conversation

@deluonchain

@deluonchain deluonchain commented Jun 24, 2026

Copy link
Copy Markdown
Owner

Summary

Addresses all 6 issues raised in the Bankr skill review (BankrBot/skills#481).

Changes

SKILL.md

  • Comment 1 — Prompt-injection boundary: Added ⚠️ Oracle output is untrusted data section explicitly stating that decision.read, summary, drivers, risks, and social fields are untrusted external text that must not override agent instructions, trigger tool calls, sign payments, or execute trades autonomously.
  • Comment 2 — Analysis ≠ execution: Rewrote the "simple gate" block to make clear it is a candidate filter for human review, not an auto-execute trigger. Added mandatory confirmation requirements (token, amount, slippage, chain, max loss) before any trade.
  • Comment 3 — Budget and opt-in guardrails: Added ⚠️ x402 payment costs section requiring user-approved budget, max call count, and explicit opt-in for ?social=true before any watchlist loop. Includes concrete cost example (10-token watchlist = up to 2.5M DELU at public tier).
  • Version bump: 16 → 17.

references/social-enrichment.md

  • Comment 3: Added explicit opt-in requirement section — social enrichment must never be enabled silently or by default.
  • Comment 6 — Silent fallback: Replaced the "silently fall back" instruction with a mandatory disclosure flow: inform user of failure, ask whether to proceed quant-only or abort, label quant-only results clearly.

references/external-clients.md

  • Comment 4 — Pinned packages: Pinned x402-fetch@0.4.2, viem@2.21.54, x402==0.3.1 in all install examples.
  • Comment 5 — Custody warnings: Added prominent ⚠️ Wallet custody warning block at the top covering dedicated hot wallet, spending limits, no .env commits, key rotation, and no browser use.
  • Stale payment info: Updated description from $0.25 USDC / EIP-3009 to DELU / upto / Permit2 to match current endpoint behavior.
  • Verbose no-op: Clarified that ?verbose=true is a no-op — observed is always present. Removed the misleading implication it was needed.
  • Code comments: Updated agent gate comments to say "candidate — confirm with user before any trade" instead of implying auto-execution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@deluonchain