plutus-v3-conway
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to override agent constraints or bypass safety guidelines. The instructional language is benign and domain-specific.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, API keys, or sensitive file paths. No network operations (curl/wget) are present in the skill.
- [Obfuscation] (SAFE): All content is provided in clear-text markdown. No Base64, zero-width characters, or homoglyphs detected.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external package managers (npm, pip) or remote script execution patterns. The shell commands provided in the documentation are educational examples for standard Cardano development tools (aiken, cardano-cli).
- [Indirect Prompt Injection] (SAFE): While the skill allows the 'Read' tool, it is focused on local documentation. There is no automated ingestion of untrusted external web content or untrusted data processing pipelines.
- [Persistence & Privilege Escalation] (SAFE): No commands aimed at modifying system configurations, startup scripts, or elevated permissions.
Audit Metadata