alchemy-core-workflow-b
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes data from external, untrusted sources (blockchain metadata).
- Ingestion points: Data enters the agent context through Alchemy SDK methods in
src/nft/collection-explorer.ts,src/nft/batch-metadata.ts, andsrc/nft/verify-ownership.ts(e.g.,getContractMetadata,getNftsForContract,getNftMetadataBatch). - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious content within the fetched metadata.
- Capability inventory: The skill has access to
Read,Write,Edit, andBashtools, which could be exploited if the agent obeys instructions hidden in the metadata. - Sanitization: The code snippets do not show any sanitization or validation of the strings (e.g., names, descriptions) returned from the blockchain before they are processed or returned to the agent context.
Audit Metadata