contract-preflight
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill performs network requests to api.stxer.xyz to simulate Stacks blockchain contract calls. While it transmits public addresses and Clarity code, it does not access or exfiltrate sensitive data such as private keys, environment variables, or local configuration files.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied Clarity expressions and external API responses to recommend whether a transaction is "safe to broadcast." This creates a surface where a compromised API or malicious expression could influence the agent's decision-making logic.
- Ingestion points: Command-line arguments --expression and --steps, and the JSON response from api.stxer.xyz processed in contract-preflight.ts.
- Boundary markers: Not present.
- Capability inventory: The skill influences the agent's decision to execute subsequent blockchain broadcast tools; it does not directly possess file-write or shell execution capabilities.
- Sanitization: Implements basic safety limits including maximum expression length (2,000 characters) and maximum steps (20) per session.
Audit Metadata