nansen-wallet-attribution
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates shell commands using the `nansen` CLI tool by interpolating variables that may originate from untrusted sources.
  - Ingestion points: Wallet addresses (`$ADDR`) and chain identifiers (`$CHAIN`) are used as parameters throughout `SKILL.md` and `REFERENCE.md`.
  - Capability inventory: The skill defines multiple subprocess calls to `nansen research profiler`, including automated loops in `REFERENCE.md` for cross-chain analysis.
  - Sanitization: There are no explicit instructions or regex patterns provided to the agent to validate or sanitize these inputs. If a malicious wallet address or chain name containing shell metacharacters (e.g., `;`, `&&`, `|`) is processed, it could lead to arbitrary command execution on the host system.
  - Boundary markers: The skill does not use delimiters or instructions to prevent the agent from interpreting embedded instructions within the data it processes.
Audit Metadata