solidity-security-audit
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because its primary function is to audit untrusted Solidity code supplied by users.
  - Ingestion points: Untrusted source code enters the agent context through user prompts or through the project files being analyzed, as described in Phase 3 of SKILL.md.
  - Boundary markers: The skill does not instruct the agent to wrap the code in specific delimiters or to disregard natural-language instructions that may be embedded in code comments or string literals.
  - Capability inventory: The skill authorizes the agent to execute shell commands for security tools such as slither, forge, and aderyn (SKILL.md Phase 2), so an embedded instruction that the agent followed would have shell access available to it.
  - Sanitization: There is no instruction for the agent to sanitize or filter the input code before processing it.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform automated analysis using standard security tools. In SKILL.md Phase 2, the agent is directed to run slither, forge, and aderyn if they are available in the environment. These tools are industry standard and appropriate for the skill's purpose.
Audit Metadata