nexus-sdk-hooks-events
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill configures an agent to ingest untrusted data (blockchain transaction intents) and gives it the high-privilege capability to execute financial transactions via allow() hooks. (1) Ingestion points: External data enters the agent context through the setOnIntentHook, setOnAllowanceHook, and setOnSwapIntentHook callbacks described in SKILL.md. (2) Boundary markers: Absent. There are no instructions or delimiters defined to prevent the agent from obeying instructions embedded within the intent or sources metadata fields. (3) Capability inventory: The agent can authorize transactions, bridge assets, and modify allowances using the data.allow() method. (4) Sanitization: Absent. The documentation does not specify any validation or sanitization of external transaction data before it is presented to or processed by the agent.
- [Unverifiable Dependencies] (MEDIUM): The skill references the @avail-project/nexus-core package, which is not from a pre-approved trusted source organization.
Recommendations
- AI detected serious security threats
Audit Metadata