Skills
skills/sickn33/antigravity-awesome-skills/emblemai-crypto-wallet/Gen Agent Trust Hub

emblemai-crypto-wallet

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @emblemvault/agentwallet package via NPM and fetch additional code and instructions from the EmblemCompany/Agent-skills GitHub repository.
  • [COMMAND_EXECUTION]: The setup process involves running npm install and npx skills add, which execute third-party code and modify the execution environment.
  • [DATA_EXFILTRATION]: The skill performs network operations to api.agenthustle.ai to retrieve balance and portfolio data and to execute transactions. This involves sending wallet addresses and potentially sensitive transaction details to an external service.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from blockchain APIs that could contain malicious instructions.
  • Ingestion points: Data retrieved from api.agenthustle.ai (specifically /portfolio and /token endpoints) as described in SKILL.md.
  • Boundary markers: Absent; there are no instructions to the agent to ignore or delimit instructions found within the external data.
  • Capability inventory: The skill possesses high-impact capabilities including token swaps (POST /swap) and transfers (POST /transfer).
  • Sanitization: No sanitization or validation logic is mentioned for the data returned from external blockchain contracts or API endpoints.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 11, 2026, 04:30 AM