security-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests access to the Bash tool. The instructions in the SETUP phase specifically direct the agent to use this capability to configure the environment, such as setting the solc version based on the content of a foundry.toml file.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted Solidity files and directories provided as arguments. Maliciously crafted content within these files (e.g., within comments or string literals) could attempt to override the auditor's protocols or influence its findings.
  - Ingestion points: Smart contract files read via Read, Glob, and Grep tools.
  - Boundary markers: None explicitly defined to separate contract code from instructions, making it possible for the LLM to misinterpret code comments as authoritative instructions.
  - Capability inventory: The skill has access to Bash, file system operations, and several specialized auditing tools (run-slither, run-aderyn, etc.).
  - Sanitization: No explicit sanitization or instructions to disregard embedded commands in audited files are present.
Audit Metadata