slither
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
NO_CODE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [NO_CODE]: The skill package contains only Markdown documentation and references. It does not include any executable scripts or binary files.
- [COMMAND_EXECUTION]: The documentation provides instructions for the agent to execute Slither CLI tools (e.g., slither, slither-flat) to analyze local or remote smart contract code.
- [EXTERNAL_DOWNLOADS]: The skill describes how to analyze contracts directly from Etherscan, which involves Slither downloading source code from the Etherscan API. It also references compiler management via solc-select.
- [PROMPT_INJECTION]: A potential surface for indirect prompt injection exists.
  - Ingestion points: Slither analyzes external Solidity and Vyper source files.
  - Boundary markers: No explicit markers or instructions provided to the agent to ignore embedded instructions in contract comments.
  - Capability inventory: The skill enables full use of the Slither CLI and its sub-tools for contract analysis.
  - Sanitization: There is no mechanism described for sanitizing or escaping contract content before analysis results are presented to the agent.
Audit Metadata