wallet-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'zerion' command-line tool via the NPM registry (npm install -g zerion). The package is owned by the author of the skill (zeriontech).
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute various 'zerion' CLI commands for wallet portfolio analysis, position tracking, and transaction history retrieval.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests and displays untrusted data from the blockchain (such as ENS names or transaction metadata) which could contain malicious instructions. 1. Ingestion points: Blockchain data retrieved via 'zerion analyze', 'zerion history', and 'zerion positions' commands. 2. Boundary markers: No delimiters or warnings are used to isolate untrusted blockchain data. 3. Capability inventory: The skill utilizes the Bash tool for system-level CLI interaction. 4. Sanitization: The instructions do not define any sanitization or validation for the data retrieved from external blockchain APIs.
Audit Metadata