deploying-contracts-on-gatelayer

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill details the construction and execution of forge create commands for contract deployment. It specifically addresses command injection risks by instructing the agent to validate user-provided parameters like contract-path and rpc-url against restrictive regular expressions.
  • [SAFE]: The skill demonstrates a strong security posture by explicitly warning against committing secrets to version control and recommending the use of Foundry's encrypted keystore for private keys. The external URLs for RPC endpoints and block explorers are standard infrastructure for the GateLayer ecosystem.
  • [PROMPT_INJECTION]: The skill manages a potential indirect injection surface from user-supplied parameters.
    • Ingestion points: contract-path, rpc-url, and keystore-account provided via user input.
    • Boundary markers: Validation logic acts as a functional boundary between untrusted data and command execution.
    • Capability inventory: Subprocess execution of the forge CLI tool.
    • Sanitization: Strict regex patterns are provided to sanitize all external inputs, preventing the inclusion of malicious characters or command delimiters.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 09:50 AM