multi-canister
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill demonstrates functions that ingest untrusted data from external callers, such as usernames and post content.
- Ingestion points: Functions like
registerinsrc/user_service/main.moandcreatePostinsrc/content_service/main.mo. - Boundary markers: The code examples do not use explicit delimiters, but the documentation provides clear instructions on implementing validation.
- Capability inventory: The skill is capable of state modification and inter-canister calls.
- Sanitization: The skill's 'Production Readiness' sections explicitly warn about the lack of input validation in the examples and provide detailed remediation guidance.
- [COMMAND_EXECUTION]: The 'Canister Factory' examples demonstrate the dynamic installation of WASM code using the management canister's
install_codemethod. The documentation identifies this as a high-risk capability and provides security best practices, such as verifying WASM hashes and restricting access to authorized principals.
Audit Metadata