Skills
skills/casualsecurityinc/xno-skills/nano-validate-address/Gen Agent Trust Hub

nano-validate-address

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses bunx, pnpm dlx, and npx to run commands from the xno-skills package for address validation and QR code generation.- [EXTERNAL_DOWNLOADS]: The skill downloads the xno-skills@latest package from the npm registry to execute CLI verbs.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by passing user-supplied address strings directly into shell commands.
  • Ingestion points: User-provided address strings as seen in the CLI examples in SKILL.md.
  • Boundary markers: No boundary markers or ignore-embedded-instructions warnings are present for the command arguments.
  • Capability inventory: Use of bunx, pnpm, and npx to execute shell commands in SKILL.md.
  • Sanitization: No input sanitization or validation of the address string is performed before it is passed to the shell.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 05:24 AM