use-smart-contract-platform
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill is authored by Circle and facilitates legitimate use of their developer APIs using standard authentication and interaction patterns.
- [EXTERNAL_DOWNLOADS]: The skill depends on official Node.js packages (@circle-fin/smart-contract-platform and @circle-fin/developer-controlled-wallets). These are vendor-owned resources and are used for their intended purpose.
- [DATA_EXPOSURE_EXFILTRATION]: The skill includes explicit security rules against hardcoding or logging API keys and entity secrets. It recommends the use of environment variables and includes guidance for .gitignore configuration.
- [PROMPT_INJECTION]: The skill processes external data such as contract ABIs and blockchain events. It mitigates indirect injection risks through mandatory input validation and a requirement for explicit user confirmation before any write transaction or fund movement.
Audit Metadata