flare-fdc
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: CRITICAL
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): All links point to the official Flare Network documentation (dev.flare.network) and foundation-managed GitHub repositories. No downloads from untrusted sources were found.
- [DATA_EXFILTRATION] (SAFE): No attempts to access sensitive local files (e.g., SSH keys, environmental configs) or hardcoded credentials were detected. The skill correctly instructs the use of environment variables for sensitive API keys.
- [PROMPT_INJECTION] (SAFE): The content consists of technical guidance and code snippets without instructions designed to bypass agent constraints or manipulate core behavior.
- [MALICIOUS_URL_ANALYSIS] (SAFE): The security alert for 'Payment.so' is likely a false positive; the source text contains 'Payment.sol' (a standard Solidity extension), which some scanners misidentify as a Somalian TLD (.so). No actual malicious domain or binary was found.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill documents processing external data via the FDC Web2Json attestation, it proactively references official 'URL Parsing Security' guides to mitigate potential injection risks.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata