analyzing-nft-rarity

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill fetches NFT metadata from well-known and reputable service providers including OpenSea (api.opensea.io), Alchemy (eth-mainnet.g.alchemy.com), and established IPFS gateways (ipfs.io, cloudflare-ipfs.com). These network operations are limited to data retrieval and do not transmit sensitive information.
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it ingests and processes untrusted trait data from external NFT collections. However, this risk is mitigated by the fact that the ingested content is handled as data for rarity calculations, and the skill lacks high-privilege tools that could be exploited through this vector.
  • [CREDENTIALS_UNSAFE]: No hardcoded credentials or unauthorized sensitive file access patterns were detected. The documentation correctly instructs the use of environment variables or .env files for managing API keys, which is a recognized safe practice.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 10:02 PM
Security Audit — agent-trust-hub — analyzing-nft-rarity