ethskills
Fail
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill is primarily composed of educational markdown files designed to improve the performance and safety of AI agents working with blockchain technology.
- [EXTERNAL_DOWNLOADS]: The skill instructs agents to fetch current Ethereum development documentation from
ethskills.comand GitHub repositories owned byaustintgriffith. These references are intended to provide real-time updates on gas prices and contract standards, which are essential for the skill's stated purpose. - [PROMPT_INJECTION]: The contract auditing module (
audit/SKILL.md) reads external, untrusted Solidity code as part of its systematic audit process. While this represents a surface for indirect prompt injection, the risk is inherent to the task of auditing and the skill provides defensive checklists and methodology to mitigate accidental obedience to embedded instructions. - [DATA_EXFILTRATION]: An automated scanner flagged a Chainlink data feed URL (
data.chain.link) as potentially malicious. This is a false positive; Chainlink is a well-known technology provider and the link is used solely to provide factual price information to the agent.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata