nansen-profiler

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the nansen-cli package from the NPM registry to provide the necessary command-line interface for blockchain analytics.
  • [COMMAND_EXECUTION]: Uses the Bash tool to execute a variety of research commands, including balance lookups, PnL analysis, and transaction tracing.
  • [PROMPT_INJECTION]:
      • Ingestion points: Untrusted user data (e.g., wallet addresses, search queries, and local file paths) is accepted via parameters in the SKILL.md documentation.
      • Boundary markers: The skill does not define specific delimiters or instructions to prevent the agent from interpreting user-provided strings as executable command flags or operators.
      • Capability inventory: The skill has authorized access to the Bash tool to perform subprocess execution for all featured profiling tasks.
      • Sanitization: No explicit sanitization or escaping logic is described for interpolating user variables like <addr> or <query> into the bash shell commands, creating an indirect injection vulnerability.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 12:03 PM