nexus-sdk-bridge-flows

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE | Badges: NO_CODE, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill facilitates the processing of untrusted external data (e.g., token symbols, recipient addresses, and contract data) which is subsequently used in sensitive operations such as fund transfers and contract executions.
  • Ingestion points: Parameters in bridge, bridgeAndTransfer, bridgeAndExecute, and execute flows (e.g., recipient, data, token).
  • Boundary markers: Absent; no instructions are provided to the agent to ignore or sanitize embedded instructions within user-provided data.
  • Capability inventory: High-risk capabilities, including sdk.execute, sdk.bridgeAndExecute, and sdk.bridgeAndTransfer, that can move assets or call arbitrary smart contracts.
  • Sanitization: Absent; the documentation does not specify any validation or sanitization steps for the input hex data or addresses.
  • [Obfuscation] (SAFE): No obfuscated content, zero-width characters, or homoglyphs were detected in the skill content.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, API keys, or access to sensitive local file paths (like SSH keys or AWS configs) were found.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not perform any external package installations or execute remote scripts at runtime.
  • [Privilege Escalation] (SAFE): No commands requesting administrative or root privileges (e.g., sudo) were identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 08:39 AM