emblem-ai-agent-wallet
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the official '@emblemvault/agentwallet' npm package, which is the primary interface for wallet operations and is maintained by the vendor.
- [COMMAND_EXECUTION]: The skill executes the 'emblemai' CLI tool via shell and Python scripts to perform wallet-related tasks such as checking balances and preparing transactions.
- [DATA_EXFILTRATION]: The skill manages and accesses sensitive configuration files in the user's home directory ('
/.emblemai/.env' and '/.emblemai/session.json') to store encrypted credentials and session tokens. - [PROMPT_INJECTION]: The skill's feature set includes processing external market and social trend data, which presents a surface for indirect prompt injection.
- Ingestion points: External market sentiment and token discovery data feeds.
- Boundary markers: Clear instructions in the documentation mandate that the agent ignore any instructions found in third-party data.
- Capability inventory: Access to wallet private keys (via the CLI) for signing and executing transactions.
- Sanitization: Implementation of a human-in-the-loop requirement for all state-changing operations on the blockchain.
Audit Metadata