etherscan-api

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses the curl utility to perform balance queries against the Etherscan API.
  • [COMMAND_EXECUTION]: Utilizes the bc (Basic Calculator) utility to convert balances from Wei to human-readable units (e.g., ETH or USDC).
  • [EXTERNAL_DOWNLOADS]: Fetches unified documentation from https://docs.etherscan.io/llms.txt using WebFetch when capabilities beyond balance queries are requested.
  • [DATA_EXPOSURE]: Uses the ETHERSCAN_API_KEY environment variable for authentication, passing it as a query parameter to the Etherscan API endpoint.
  • [PROMPT_INJECTION]: Exposes a surface for indirect prompt injection by fetching and processing instructions from an external documentation source (docs.etherscan.io).
    • Ingestion points: User-provided wallet addresses and external documentation fetched via WebFetch in SKILL.md.
    • Boundary markers: None explicitly defined to separate user input or fetched documentation from instructions.
    • Capability inventory: Performs network operations via curl and WebFetch in SKILL.md.
    • Sanitization: No sanitization is performed on the content of the fetched documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 02:48 PM