analyzing-nft-rarity
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill fetches NFT metadata from well-known and reputable service providers including OpenSea (api.opensea.io), Alchemy (eth-mainnet.g.alchemy.com), and established IPFS gateways (ipfs.io, cloudflare-ipfs.com). These network operations are limited to data retrieval and do not transmit sensitive information.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it ingests and processes untrusted trait data from external NFT collections. However, this risk is mitigated by the fact that the ingested content is handled as data for rarity calculations, and the skill lacks high-privilege tools that could be exploited through this vector.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials or unauthorized sensitive file access patterns were detected. The documentation correctly instructs the use of environment variables or .env files for managing API keys, which is a recognized safe practice.
Audit Metadata