skills/melonask/alloy-skills/alloy/Gen Agent Trust Hub

alloy

Warn

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The SKILL.md file contains a hardcoded Ethereum private key hex string ('0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80'). While this is a well-known default test key for the Anvil development node, hardcoding private key literals in documentation is an unsafe practice that can lead to credential exposure.
  • [COMMAND_EXECUTION]: The skill provides instructions in references/node-bindings.md for programmatically spawning local blockchain node processes such as Anvil, Geth, and Reth using the alloy-node-bindings library. This capability allows the agent to execute local binaries and manage system subprocesses.
  • [PROMPT_INJECTION]: The skill establishes a surface for indirect prompt injection by teaching the agent to read and parse untrusted data from external blockchain RPC providers, specifically via event logs and transaction receipts. Attackers could place malicious instructions on-chain to influence agent logic during parsing.
  • [PROMPT_INJECTION]: Metadata poisoning and deceptive instructions identified. The SKILL.md and README.md files claim the skill provides comprehensive guidance for digital signatures and transaction management, yet the corresponding files (references/signatures-wallets.md and references/transactions-payments.md) are entirely empty, providing misleading information about the skill's capabilities.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 23, 2026, 11:22 PM