emblem-memecoin-scout
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the global installation of the "@emblemvault/agentwallet" Node.js package, which provides the necessary "emblemai" CLI for blockchain interactions.
- [COMMAND_EXECUTION]: The provided "scripts/memecoin-scan.sh" script executes the "emblemai" command-line tool with hardcoded arguments to perform automated scans of various token launch platforms.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted content from external decentralized finance (DeFi) APIs and token launchpads.
- Ingestion points: Data is retrieved from external sources including Pump.fun, LaunchLab, Clanker, and Hedera via tools like "getPumpFunTokens" and "baseFindClankerTokens" as documented in "SKILL.md".
- Boundary markers: The instructions do not define specific delimiters or security wrappers to isolate external token metadata from agent instructions.
- Capability inventory: The skill possesses the ability to execute shell commands via the "emblemai" CLI tool, which is used to process the retrieved data.
- Sanitization: No explicit sanitization, validation, or escaping of fetched token data is described before the information is passed back into the agent context.
Audit Metadata