zerion-sign

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the zerion-cli package globally via the NPM registry. This package is the official command-line interface provided by the vendor.
  • [COMMAND_EXECUTION]: Utilizes the Bash tool to execute zerion commands for signing messages and typed data objects. This is the primary method of operation for the skill.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from messages, typed-data JSON strings, or external files to produce cryptographic signatures.
  • Ingestion points: Untrusted data enters the agent context through the --message, --data, and --file arguments in the sign-message and sign-typed-data commands (SKILL.md).
  • Boundary markers: None identified in the prompt instructions to delineate untrusted data from the signing instructions.
  • Capability inventory: The skill uses the Bash tool to execute signing operations, which have direct security implications for the user's blockchain assets.
  • Sanitization: No automated sanitization is performed by the skill code; however, the documentation provides explicit security guidance for users to manually verify domains, primary types, and contract addresses before proceeding with a signature.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 06:53 PM