foundry
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Documentation describes the
vm.fficheatcode, which enables execution of arbitrary shell commands and external binaries from within Solidity test environments. Evidence: Detailed inreferences/features-ffi-signatures.md. - [CREDENTIALS_UNSAFE]: Instructions guide the user on providing sensitive data such as private keys for transaction signing (
--private-key) and Etherscan API keys for contract verification. Evidence: Mentioned inreferences/features-cast.mdandreferences/features-coverage-verify.md. - [EXTERNAL_DOWNLOADS]: The skill references methods for retrieving external code, including the
forge installcommand for managing dependencies via git and the use ofnpxto run the Chisel REPL. Evidence: Documented inreferences/core-project-layout.mdandreferences/features-chisel.md. - [REMOTE_CODE_EXECUTION]: The skill documents an environment susceptible to indirect prompt injection where untrusted Solidity code could trigger dangerous capabilities. Ingestion points: The agent is directed to work with Solidity files in
src/,test/, andscript/directories, and install external libraries viaforge install(as seen incore-project-layout.md). Boundary markers: There are no documented boundary markers or instructions to treat external Solidity code as untrusted data to prevent unintended command execution. Capability inventory: The documented toolset includes the ability to execute arbitrary shell commands viavm.ffi(features-ffi-signatures.md) and perform network operations using private keys (features-cast.md). Sanitization: While the documentation mentions that FFI must be explicitly enabled, it does not provide strategies for an agent to validate or sanitize Solidity inputs before execution.
Audit Metadata