alchemy-hello-world
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill content.
- [EXTERNAL_DOWNLOADS]: Recommends the installation of alchemy-sdk from the official npm registry, which is a well-known and trusted library for blockchain interactions.
- [CREDENTIALS_UNSAFE]: Correctly utilizes environment variables (process.env.ALCHEMY_API_KEY) for authentication, adhering to security best practices for secret management.
- [COMMAND_EXECUTION]: Includes standard npm commands for environment setup and dependency management relevant to the skill's purpose.
- [SAFE]: Evaluated indirect prompt injection surface: 1. Ingestion points: External blockchain data via alchemy.nft.getNftsForOwner, alchemy.core.getTokenMetadata, and alchemy.core.getBlock in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Read, Write, Edit, and Bash tools defined in SKILL.md. 4. Sanitization: Absent. The surface is categorized as safe because the fetched data is only used for console logging in these examples.
Audit Metadata