blockscout-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to generate and execute ad-hoc scripts in Python or Node.js to perform deterministic data processing and multi-step blockchain analysis as described in the 'Execution strategy' and 'Ad-hoc Scripts' sections of SKILL.md.
- [EXTERNAL_DOWNLOADS]: The skill permits the agent to install third-party packages if standard libraries and MCP tools are insufficient for its generated scripts, as noted in the 'Ad-hoc Scripts' section of SKILL.md.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface when processing data from the blockchain (e.g., token names, NFT metadata) and provides security requirements to mitigate this risk. 1. Ingestion points: API responses from Blockscout endpoints (SKILL.md). 2. Boundary markers: Explicit instructions to separate user intent from API data (SKILL.md). 3. Capability inventory: Execution of ad-hoc scripts and network operations (SKILL.md). 4. Sanitization: Mandatory summarization or sanitization of external data before processing (SKILL.md).
Audit Metadata