wallet-analysis
Warn
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The instructions encourage users to export highly sensitive credentials, specifically
SOLANA_PRIVATE_KEYandZERION_API_KEY, into environment variables for authentication. Storing private keys in the environment is a dangerous practice as they can be accessed by any process or script running in the same context. - [EXTERNAL_DOWNLOADS]: The skill facilitates data retrieval from Zerion's official API at
api.zerion.ioand references documentation and a hosted MCP server atdevelopers.zerion.io. - [COMMAND_EXECUTION]: Multiple examples provided in the documentation use the
curlcommand to perform network requests, which includes the injection of credentials stored in shell variables. - [PROMPT_INJECTION]: The skill exhibits metadata poisoning; the YAML frontmatter identifies the author as 'Zerion', which contradicts the actual author identified as 'sendaifun'. This impersonation can lead users to falsely believe the skill is an official product of the service provider.
- [SAFE]: The skill processes untrusted data from external blockchain records via the Zerion API, creating a surface for indirect prompt injection.
- Ingestion points: External wallet data is fetched from
api.zerion.io(SKILL.md). - Boundary markers: No specific delimiters or safety instructions are provided to the agent for handling the retrieved data.
- Capability inventory: The skill utilizes shell commands (
curl) to interact with the API. - Sanitization: The instructions do not define validation or sanitization steps for the data returned by the external API.
Audit Metadata