nansen-core
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the
nansen-clipackage vianpm install -g. This is the official command-line tool provided by the vendor, nansen-ai. - [COMMAND_EXECUTION]: The skill executes local system commands to verify environment readiness (
which nansen,nansen --version) and manage user authentication (nansen login). - [COMMAND_EXECUTION]: The skill utilizes
nansen schemato dynamically discover available commands and parameters, which allows the agent to update its toolset based on the vendor's latest API definitions. - [PROMPT_INJECTION]: The skill processes data retrieved from the CLI, which constitutes an indirect prompt injection surface.
- Ingestion points: Data is ingested through the outputs of
nansen profilerandnansen schema(SKILL.md). - Boundary markers: The instructions explicitly direct the agent to use JSON output for data extraction and provide specific rules for resolving token addresses.
- Capability inventory: The skill has the capability to execute CLI commands and set environment variables (
NANSEN_API_KEY). - Sanitization: No specific sanitization or filtering logic is described for the CLI output within the skill definition.
Audit Metadata