nansen-batch-wallet

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the nansen CLI tool using the shell variables $ADDRESSES and $CHAIN. $CHAIN is used unquoted, and although $ADDRESSES is quoted, both remain susceptible to shell injection (e.g., via backticks or command substitution) if the agent does not sanitize the user-provided inputs.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data (wallet addresses) that is interpolated directly into a shell command, a command-execution capability.
  • Ingestion points: The ADDRESSES and CHAIN variables in SKILL.md used for the shell command.
  • Boundary markers: None identified; there are no delimiters or instructions to ignore embedded commands in the input data.
  • Capability inventory: Subprocess execution via the shell command nansen research profiler batch.
  • Sanitization: No sanitization or validation of the input strings is performed within the provided script.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 11:22 PM