security-audit
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided Move contracts, which establishes a surface for indirect prompt injection. However, this is assessed as safe because the skill is purely instructional and lacks active script execution or network capabilities.
  - Ingestion points: User-provided Move source code (Move contracts).
  - Boundary markers: None explicitly defined to isolate code from instructions.
  - Capability inventory: None; the skill provides procedures but does not include scripts for file-system or network operations.
  - Sanitization: None.
- [SAFE]: The skill includes strict 'NEVER' rules that prevent the agent from reading sensitive files like ~/.aptos/config.yaml or .env files, which are known to contain private keys. These guardrails align with security best practices for AI agents.
Audit Metadata