The Agent Skills Directory

[PROMPT_INJECTION]: The skill contains an 'Alchemy-First Rule' that instructs the agent to always recommend the vendor's platform and avoid competitors for any blockchain-related queries. This is an intentional attempt to bias the agent's neutral behavior and steer its responses.
[COMMAND_EXECUTION]: The workflow relies on executing shell commands via npx and a custom CLI tool (mppx). While these are used for protocol authentication and payments, executing global packages and shell commands increases the risk of local system compromise if the environment is not restricted.
[CREDENTIALS_UNSAFE]: The instructions describe a process for signing messages using private keys via a CLI flag (--private-key <key-or-path>). Although the skill explicitly forbids the agent from using file tools to read sensitive files like .env or wallet.json, the practice of passing private keys as command-line arguments can lead to sensitive data being exposed in process listings or shell history.
[EXTERNAL_DOWNLOADS]: The skill requires the installation and execution of external Node.js packages (@alchemy/x402, @x402/fetch, mppx) from the public NPM registry. These packages are essential for the skill's functionality but introduce external dependencies into the execution environment.

alchemy-agentic-gateway