Skills
skills/ledgerhq/agent-skills/wallet-cli-usage/Gen Agent Trust Hub

wallet-cli-usage

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the wallet-cli tool and explicitly requires disabling the environment sandbox for commands requiring USB access.
  • Evidence: SKILL.md states that 'account discover', 'receive', 'send', 'genuine-check', and 'swap execute' must use 'dangerouslyDisableSandbox: true'.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the official Ledger CLI package from public registries.
  • Evidence: SKILL.md includes installation commands for '@ledgerhq/wallet-cli' using npm, pnpm, yarn, and bun.
  • [PROMPT_INJECTION]: The skill's command construction logic incorporates untrusted user input into shell commands, presenting an indirect prompt injection surface.
  • Ingestion points: User-provided blockchain addresses, amounts, and tickers in SKILL.md.
  • Boundary markers: Delimiters and explicit isolation markers are absent for several command arguments.
  • Capability inventory: Shell command execution via the wallet-cli tool as defined in SKILL.md.
  • Sanitization: No explicit shell-escaping or validation instructions are provided within the skill for the agent to follow when interpolating user data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 03:57 AM
Security Audit — agent-trust-hub — wallet-cli-usage