aiken-smart-contracts
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses specific command-line tools (aiken and cardano-cli) for blockchain development.
- [EXTERNAL_DOWNLOADS] (SAFE): Installation metadata points to standard developer tools (docker, colima, curl) via the Homebrew package manager.
- [PROMPT_INJECTION] (LOW): Vulnerable to indirect prompt injection (Category 8) as it ingests user-supplied logic.
  1. Ingestion points: User requests for smart contract validators in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Bash tool access for aiken and cardano-cli binaries, plus file Read and Write tools.
  4. Sanitization: Absent.