contracts
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- External Downloads (LOW): The skill body contains a direct instruction to "Fetch the correct URL: https://ethskills.com/addresses/SKILL.md". This domain is not on the trusted sources whitelist. Loading instructions from untrusted external domains is a minor security concern as it relies on the integrity of a non-verified third party.
- Indirect Prompt Injection (LOW): This skill creates a vulnerability surface by directing the agent to ingest data from an external source. While no malicious payload is present in this file, the pattern of fetching remote markdown for instructions can be used to bypass static analysis of the primary skill.
- Data Exposure & Exfiltration (SAFE): No sensitive file paths, hardcoded credentials, or exfiltration patterns were detected in the skill content.
- No Code (SAFE): The skill does not contain any executable scripts (Python, JavaScript, or Shell) or package dependencies.
Audit Metadata