offchain-ens-subname-sdk
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill requires the installation of the @thenamespace/offchain-manager npm package. This package is from an organization not included in the trusted list, posing a potential supply chain risk.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from ENS text records and metadata which could be used to influence agent behavior.
  - Ingestion points: Records retrieved via getTextRecord in SKILL.md and SubnameDTO in reference.md.
  - Boundary markers: Absent; no delimiters or instructions are provided to the agent to treat retrieved data as untrusted.
  - Capability inventory: The SDK provides capabilities for network-based CRUD operations on subnames and records.
  - Sanitization: Basic structural validation (e.g., ENS name format) is performed, but record values are not sanitized for LLM safety.
- [Data Exposure & Exfiltration] (LOW): The skill performs network operations to offchain-manager.namespace.ninja, which is not a whitelisted domain.