emblem-ai-agent-wallet
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@emblemvault/agentwalletpackage via npm. This is a vendor-owned package hosted on the public npm registry and is essential for the skill's operation. - [COMMAND_EXECUTION]: The skill invokes the
emblemaicommand-line utility to perform wallet management, portfolio queries, and blockchain transactions. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes natural language input to execute high-stakes blockchain operations. * Ingestion points: User or agent-provided messages passed to the CLI using the
-mor--messageflags. * Boundary markers: No specific delimiters are documented for separating instructions from data in the command-line arguments. * Capability inventory: The tool can execute swaps, transfers, DeFi operations, and sign transactions across multiple chains including Solana, Ethereum, and Bitcoin. * Sanitization: The skill implements a 'Safe Mode' by default, which functions as a critical human-in-the-loop control requiring explicit confirmation for any action that modifies the wallet state.
Audit Metadata