nexus-elements-transfer
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill guides users to install
@nexus-elements/transferusingnpx. Since this package is from an external source not included in the pre-defined trusted list, it is flagged as an unverifiable dependency. The severity is reduced to LOW as the installation is the primary intended action of the skill. - DATA_EXPOSURE (SAFE): Analysis of the code templates confirms that while the skill handles sensitive data types like wallet addresses, it does not involve hardcoded secrets, private keys, or patterns suggesting data exfiltration.
- INDIRECT_PROMPT_INJECTION (SAFE): The skill's components handle external data (e.g., recipient addresses). The documentation explicitly outlines validation steps for these inputs, which mitigates risks associated with processing untrusted data in an agentic context.
Audit Metadata