aiken-dex-security-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [No Code] (SAFE): All analyzed files are markdown documents (
.md). There are no scripts, binaries, or configuration files that execute code on the host system. - [Credentials Unsafe] (SAFE): The skill contains explicit safety instructions: 'Never ask for or handle seed phrases / private keys.' No hardcoded secrets or API keys were found.
- [Remote Code Execution] (SAFE): No patterns of remote script downloading (e.g.,
curl | bash) or execution of external payloads were detected. - [Data Exfiltration] (SAFE): There are no network-capable commands (
curl,wget,fetch) or operations that access sensitive local files (~/.ssh, etc.). - [Indirect Prompt Injection] (LOW): Because the skill is designed to ingest and analyze external code (smart contract repos), it has a natural attack surface for indirect prompt injection. However, the framework mitigates this by mandating 'No hallucinations,' requiring 'evidence over vibes,' and utilizing specific test-driven templates for all findings.
Audit Metadata