nansen-trading

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the nansen-cli package from the NPM registry. The package is maintained by the well-known organization Nansen AI on GitHub.
  • [DATA_EXFILTRATION]: The skill accesses ~/.nansen/.env to retrieve the NANSEN_WALLET_PASSWORD. This constitutes access to a sensitive path, but it is performed as part of the tool's standard credential management for executing trades.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-supplied data into shell commands without sanitization.
      • Ingestion points: User-provided token symbols, contract addresses, and amounts in SKILL.md; output from the nansen trade quote command.
      • Boundary markers: No delimiters are present to isolate untrusted data.
      • Capability inventory: The skill allows executing shell commands through the nansen binary via the Bash(nansen:*) tool.
      • Sanitization: No validation or escaping is applied to user-controlled parameters before command execution.
  • [COMMAND_EXECUTION]: The skill executes shell commands, specifically sourcing an environment file and running the nansen trading CLI, which is the primary purpose of the skill.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 28, 2026, 09:15 PM