cadence
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to connect to a remote MCP server at
https://cadence-mcp.up.railway.app/mcpand links to documentation oncadence-lang.org. These resources are official components of the Cadence development environment provided by the author. - [COMMAND_EXECUTION]: The documentation includes setup steps using
npxto install the skill (npx skills add outblock/cadence-lang.org) and configure an MCP server usingmcp-remote. These commands are standard for the integration of the vendor's provided development tools. - [PROMPT_INJECTION]: The skill utilizes an MCP server that ingests documentation data from external sources. This identifies a surface for indirect prompt injection, though it is limited to technical lookup and diagnostic functions.
- Ingestion points: MCP tools like
search_docs,get_doc, andbrowse_docsfetch content from the remote server atcadence-mcp.up.railway.app. - Boundary markers: No explicit markers or warnings are specified for the tool outputs in the skill body.
- Capability inventory: The skill provides access to LSP tools such as
cadence_check,cadence_hover,cadence_definition, andcadence_symbols. - Sanitization: Content is treated as technical reference data for smart contract auditing and code checking.
Audit Metadata