nexus-sdk-balances-metadata-utils
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): An indirect prompt injection surface was identified. Evidence Chain: 1. Ingestion points: Untrusted data enters via
sdk.getMyIntents()inSKILL.md. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present. 3. Capability inventory: The skill utilizes SDK methods for fetching balances and intents and performs utility formatting. 4. Sanitization: No evidence of sanitization or validation for the fetched data is provided. - [NO_CODE] (SAFE): The skill contains only documentation and instructional content in
SKILL.md. No executable scripts, binaries, or configuration files were included in the submission.
Audit Metadata