eigen-avs

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE · PROMPT_INJECTION · EXTERNAL_DOWNLOADS · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect prompt injection surface via the EigenExplorer API. The skill processes external blockchain data (e.g., AVS names, operator descriptions) that could contain malicious instructions designed to influence agent behavior.
      • Ingestion points: API responses from api.eigenexplorer.com and api-holesky.eigenexplorer.com processed in scripts/avs-api.js and SKILL.md.
      • Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions within the fetched data.
      • Capability inventory: Shell execution via curl and network access via the axios library.
      • Sanitization: Absent; the agent is explicitly instructed to format and present the raw API results to the user.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill performs network requests to api.eigenexplorer.com. While this domain is specific to the skill's primary purpose, it is not on the predefined list of whitelisted domains.
  • [COMMAND_EXECUTION] (SAFE): Use of curl is instructed for legitimate data retrieval from the service provider.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 11:47 PM