onchainkit
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill refers to external Node.js packages such as @coinbase/onchainkit and the onchain project initializer. These involve downloading code from the npm registry, which is an external source.
- [COMMAND_EXECUTION] (LOW): The skill provides shell commands for project scaffolding (npm create) and configuration (exporting environment variables). This is typical for development tools but constitutes a surface for command execution.
- [PROMPT_INJECTION] (LOW): The skill features commands like /onchainkit docs that suggest the agent may fetch external documentation, creating a potential surface for indirect prompt injection from untrusted web content.