develop-secure-contracts
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill promotes security best practices by requiring the use of official, audited OpenZeppelin library components rather than custom implementations for critical blockchain logic.
- [EXTERNAL_DOWNLOADS]: The skill references documentation and source code from official OpenZeppelin GitHub repositories (e.g., openzeppelin-contracts, cairo-contracts, rust-contracts-stylus, stellar-contracts). These are trusted vendor resources and are documented neutrally as sources for pattern discovery.
- [COMMAND_EXECUTION]: The skill utilizes standard file system tools (Glob, Read, Edit) to navigate and modify contract files (.sol, .cairo, .rs) within the user's project directory. These operations are essential for the primary functionality of code integration and do not involve arbitrary command execution.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests untrusted code from user-provided contract files (ingestion points: .sol, .cairo, and .rs files). While boundary markers and explicit sanitization logic are absent in the instructions, the skill's capabilities are limited to project file modification (Edit) and discovery (Glob), and it contains no instructions to execute logic found within those files.
Audit Metadata