nano-block-lattice-expert
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch the
xno-skillspackage and the@open-wallet-standard/corelibrary from public npm registries during execution. - [REMOTE_CODE_EXECUTION]: The instructions mandate the use of the
@latesttag (e.g.,bunx -y xno-skills@latest) when executing commands. This practice runs unpinned code from a remote source, creating a supply chain vulnerability where an update to the package could change the agent's behavior without review. - [COMMAND_EXECUTION]: The skill provides explicit patterns for the agent to execute shell commands using
bunx,pnpm, ornpxto interact with the protocol and manage wallets. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from the Nano blockchain, such as transaction history and account states via RPC calls.
- Ingestion points: Account history and state verification via RPC (
history,account-balance). - Boundary markers: Absent. The instructions do not specify the use of delimiters or warnings to ignore instructions embedded in transaction data.
- Capability inventory: The agent has access to shell execution (
xno-skillsCLI) and wallet operations (ows). - Sanitization: None mentioned for data retrieved from the blockchain ledger.
Audit Metadata