nansen-polymarket-insider-scan

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns such as prompt injection, data exfiltration, or obfuscation were detected during the analysis.
  • [COMMAND_EXECUTION]: The skill utilizes bash commands for blockchain analysis. Risk is mitigated by the allowed-tools configuration, which limits the agent to executing commands starting with the nansen binary.
  • [EXTERNAL_DOWNLOADS]: The skill installs the nansen-cli package via Node.js. This is a well-known utility required for the skill's core functionality.
  • [CREDENTIALS_UNSAFE]: The skill correctly manages authentication by requesting the NANSEN_API_KEY via environment variables rather than using hardcoded secrets.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists where user input (<market name>) and external tool outputs are processed. However, the potential impact is constrained by the shell execution sandbox and the lack of sensitive capabilities accessible to the resulting commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 09:14 PM