smart-contract-auditor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (NO_CODE)
Full Analysis
- [NO_CODE] (SAFE): The skill contains no executable code. All provided content is written in Markdown and YAML for the purpose of instruction and metadata. There are no Python, Node.js, or shell scripts associated with this skill.
- [EXTERNAL_DOWNLOADS] (SAFE): No external resources, package installations, or remote script executions are present. The skill references internal files for knowledge grounding, which is standard behavior.
- [PROMPT_INJECTION] (SAFE): The prompt instructions establish a specialized persona for security auditing. No patterns related to bypassing safety filters, system prompt disclosure, or instruction overrides were detected.
- [DATA_EXFILTRATION] (SAFE): The skill does not contain any code or instructions capable of performing network operations or accessing sensitive user configuration files (e.g., credentials or SSH keys).
- [INDIRECT_PROMPT_INJECTION] (SAFE):
  1. Ingestion points: The skill processes user-provided smart contract code.
  2. Boundary markers: None explicitly defined in the prompt.
  3. Capability inventory: The skill has no capabilities to write to the file system, execute shell commands, or make network calls.
  4. Sanitization: Not present.

  Conclusion: Because the skill lacks any executable capabilities, the surface for indirect prompt injection via untrusted contract code poses no security risk to the environment.
Audit Metadata