upgrade-solidity-contracts
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references several official packages and repositories from trusted organizations, including OpenZeppelin's Hardhat and Foundry upgrade plugins and the Nomic Foundation's ethers library.
- [COMMAND_EXECUTION]: Provides a Node.js one-liner to compute ERC-7201 storage slots using the well-known `ethers` library. This is a standard developer utility for defining secure storage layouts in upgradeable contracts.
- [COMMAND_EXECUTION]: Recommends enabling the `ffi` (Foreign Function Interface) feature in Foundry's configuration. This is necessary for the Foundry Upgrades library to shell out to the OpenZeppelin Upgrades CLI for performing safety validations.
- [PROMPT_INJECTION]: The skill instructs the agent to execute a bash command involving a user-provided 'namespace id'. This is classified as an indirect injection surface.
  - Ingestion points: The `node -e` script accepts the 'namespace id' via `process.argv[1]`.
  - Boundary markers: No specific delimiters are defined in the instructions for the agent.
  - Capability inventory: The agent is granted the ability to execute shell commands via the `bash` tool.
  - Sanitization: The skill does not explicitly provide sanitization logic for the identifier. This surface is considered low risk and consistent with the skill's primary purpose of providing professional developer tooling.
Audit Metadata