nansen-wallet-deep-dive
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `nansen-cli` package via npm. This is an official vendor package provided by nansen-ai and is expected for the skill's functionality.
- [COMMAND_EXECUTION]: The skill uses the `nansen` CLI to perform blockchain research. Allowed commands are restricted to the `nansen` namespace, reducing the risk of unauthorized shell command execution.
- [PROMPT_INJECTION]: The skill reads external blockchain data which may contain malicious instructions designed to influence the agent's behavior.
  - Ingestion points: Wallet labels, ENS names, and transaction history retrieved from the Nansen API via SKILL.md.
  - Boundary markers: None are present in the command templates.
  - Capability inventory: The agent is limited to data retrieval via the `nansen` tool and cannot write files or execute arbitrary code.
  - Sanitization: External data is passed to the agent without filtering or escaping.
Audit Metadata