nansen-token

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to wrap the nansen CLI binary, executing subcommands such as token screener, token holders, and token pnl to retrieve blockchain data.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface, as it interpolates user-provided token addresses, symbols, and date ranges into shell commands.
      • Ingestion points: User-supplied values for the --token, --search, and --date parameters defined in SKILL.md.
      • Boundary markers: There are no explicit delimiters used to isolate user-provided data within the command strings.
      • Capability inventory: The skill can execute the nansen binary and utilize curl for network requests to the vendor's API.
      • Sanitization: No input sanitization or validation logic is present in the skill definition to filter malicious inputs.
  • [EXTERNAL_DOWNLOADS]: The skill references the official Nansen API (api.nansen.ai) for token information and requires the nansen binary to be present on the system, which are legitimate vendor resources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 03:16 AM