alloy-howtos
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is authorized to execute `alloy` and `node` commands using the Bash tool. This capability is used for project scaffolding, component generation, and building the application.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it reads and analyzes local project files to provide contextual assistance.
  - Ingestion points: The agent reads project files including `alloy.jmk`, `config.json`, and the contents of the `app/` directory using the Read, Grep, and Glob tools.
  - Boundary markers: No specific delimiters or instructions are provided to the agent to ignore or isolate instructions that might be embedded within these files.
  - Capability inventory: The agent possesses the ability to execute CLI commands via `Bash(alloy *)` and `Bash(node *)`, as well as file modification capabilities through the Write and Edit tools.
  - Sanitization: There is no evidence of sanitization or validation of the data extracted from the project files before it is used by the agent.
- [EXTERNAL_DOWNLOADS]: The skill's documentation includes instructions for downloading the Alloy CLI from the official npm registry and cloning its source code from the tidev organization on GitHub. These references point to legitimate and well-known technology resources.
Audit Metadata