nansen-alpha-discovery

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the nansen-cli package from the official npm registry. This tool is provided by Nansen, a well-known and reputable blockchain analytics platform.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external data from the Nansen API.
      1. Ingestion points: The agent reads data from the stdout of nansen research commands executed via the Bash tool.
      2. Boundary markers: No delimiters or instructions are used to separate the external data from the agent's internal prompt logic.
      3. Capability inventory: The skill is restricted to calling the nansen CLI tool via Bash.
      4. Sanitization: There is no evidence of data validation or sanitization for the API responses before they are returned to the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 11:23 PM