Skills
skills/coinstatshq/coinstats-cli/coinstats-nft/Gen Agent Trust Hub

coinstats-nft

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the coinstats-cli Node.js package. This is a vendor-owned resource managed by CoinStatsHQ.
  • [COMMAND_EXECUTION]: The skill executes coinstats binary commands to interact with the CoinStats API, including authentication and NFT data retrieval.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from external NFT metadata. Ingestion points: Data returned from coinstats nft commands (e.g., trending lists, wallet assets). Boundary markers: Not explicitly defined in the skill instructions. Capability inventory: Permission to execute bash commands restricted to the coinstats namespace. Sanitization: No specific sanitization or filtering of API responses is implemented in the skill metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 02:07 PM