solidity-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs a standard version check by fetching a version number from the author's official GitHub repository at pashov/skills via curl. This is used to notify the user of available security updates.
- [COMMAND_EXECUTION]: The skill executes Bash commands, including 'find' to discover Solidity source files and 'cat' to concatenate file contents into temporary bundle files for sub-agent processing. These operations are restricted to the local file system and the project's own directory.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted Solidity files from the repository being audited.
  - Ingestion points: Reads all files with a .sol extension in the current directory, as identified by Bash find.
  - Boundary markers: In-scope files are wrapped in path-specific headers and markdown fenced code blocks when bundled for agents.
  - Capability inventory: The aggregated source code is provided as input to sub-agents using Sonnet and Opus models, which perform the actual vulnerability analysis.
  - Sanitization: No input sanitization or filtering of the smart contract source code is performed before it is interpolated into agent instructions.
Audit Metadata