nexus-sdk-balances-metadata-utils
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface identified. 1. Ingestion points:
sdk.getMyIntents()in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: None within the skill itself. 4. Sanitization: Not specified in instructions. - [DATA_EXFILTRATION] (LOW): The skill references a network operation to a non-whitelisted domain (Coinbase) for fiat rates via
sdk.utils.getCoinbaseRates(). - [NO_CODE] (SAFE): The skill consists solely of markdown documentation and contains no scripts, binaries, or configuration files.
- [SAFE] (SAFE): No obfuscation, hardcoded credentials, or malicious behavioral patterns were detected in the skill instructions.
Audit Metadata