nexus-sdk-integration
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill instructs the user to install '@avail-project/nexus-core'. The '@avail-project' organization is not listed as a trusted source, presenting a risk of supply chain vulnerabilities or dependency confusion.
- [Indirect Prompt Injection] (LOW): The skill defines an attack surface by accepting untrusted user inputs (wallet details, network configuration) to generate integration logic. 1. Ingestion points: Target runtime, network selection, and wallet connection details. 2. Boundary markers: Absent. 3. Capability inventory: Orchestrates subskills and recommends command execution for package installation. 4. Sanitization: Not specified in the provided instructions.
Audit Metadata