smart-contract-security

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references an external data source from a third-party GitHub repository (gmh5225/awesome-web3-security). While this is a data fetch and not a script execution, the source is not an organization within the trusted scope.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill ingests untrusted data from an external markdown file without boundary markers or sanitization logic.
      • Ingestion points: External URL in SKILL.md (https://raw.githubusercontent.com/gmh5225/awesome-web3-security/refs/heads/main/README.md).
      • Boundary markers: Absent. The skill does not provide instructions to the agent to ignore embedded instructions within the fetched data.
      • Capability inventory: Natural language processing and response generation based on the fetched data.
      • Sanitization: Absent. There is no validation or filtering specified for the external content before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 07:20 AM