alchemy
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious activity or security risks were detected across the ten threat categories.
- [PROMPT_INJECTION] (SAFE): No instructions designed to override AI behavior, bypass safety filters, or extract system prompts were found. Instructions are context-specific and benign.
- [EXTERNAL_DOWNLOADS] (SAFE): The only external software interaction involves installing standard packages from a reputable registry using
bun installorbunx vitest. No downloads from untrusted or malicious sources were identified. - [COMMAND_EXECUTION] (SAFE): The shell commands included in the skill (e.g.,
alchemy deploy,alchemy init,bun format) are standard operations for the specific IaC framework being described and do not perform unintended or harmful actions on the host system. - [DATA_EXFILTRATION] (SAFE): There are no patterns suggesting the exfiltration of sensitive data. The skill specifically highlights the use of
alchemy.secret()to handle environment variables safely. - [INDIRECT_PROMPT_INJECTION] (LOW): While the skill could theoretically be used to process external data, the current context is strictly instructional and focused on local infrastructure management. Standard LLM safety guardrails apply to any dynamic data input.
Audit Metadata