icrc-ledger
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the
icp-clitool from the official DFINITY Homebrew tap and references ledger Wasm/Candid files from the trusted dfinity/ic GitHub repository. As the skill is authored by dfinity, these are recognized as legitimate vendor resources. - [SAFE]: Implementation examples in Motoko and Rust for methods such as
sendTokensandtransferFrominclude clear warnings advising developers to add access control in production environments to prevent unauthorized fund transfers. - [SAFE]: The documentation includes security advisories against shell expansion in argument files and frontend-initiated transfers to help users avoid common logic vulnerabilities.
- [SAFE]: No instances of prompt injection, credential exposure, or obfuscation were detected in the provided skill content.
Audit Metadata