nansen-token-research
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the nansen-cli package from the npm registry to provide the necessary command-line tools. Nansen is a well-known service for blockchain analytics.
- [COMMAND_EXECUTION]: The skill utilizes the nansen CLI tool to perform research tasks. Execution is restricted to the nansen binary through the platform tool-allowlist configuration.
- [PROMPT_INJECTION]: The skill exhibits an indirect injection surface by processing user-provided token addresses and symbols which are then used as arguments in shell commands. 1. Ingestion points: Token addresses and symbols provided via --token and --symbol flags in SKILL.md. 2. Boundary markers: Absent in the command templates. 3. Capability inventory: Shell command execution via the nansen CLI. 4. Sanitization: No explicit sanitization or validation of the input strings is performed within the skill instructions.
Audit Metadata