nansen-smart-alerts

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a dedicated command-line tool nansen (installed via the nansen-cli Node.js package) to manage alerts. Execution is restricted to this specific binary via the allowed-tools configuration.
  • [EXTERNAL_DOWNLOADS]: The skill installs the nansen-cli package from a Node.js registry. This package is the official CLI for the vendor 'nansen-ai' and is required for the skill's primary functionality.
  • [CREDENTIALS_UNSAFE]: The skill requires a NANSEN_API_KEY provided through an environment variable. This is a secure and standard method for providing credentials to agent skills, avoiding hardcoded secrets.
  • [PROMPT_INJECTION]: The skill contains a risk of indirect prompt injection as it processes data from external sources (such as alert lists and configuration).
      • Ingestion points: Data is ingested when listing or viewing existing alerts via nansen alerts list.
      • Boundary markers: None present in the instructions.
      • Capability inventory: The agent can create, update, and delete alerts, and send notifications to webhooks (Slack/Discord/Telegram).
      • Sanitization: No explicit sanitization or validation of the data retrieved from the API is described in the instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 02:59 PM