behavioral-state-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE (flagged category: PROMPT_INJECTION)

Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because its core function is analyzing external smart contract code. An attacker could embed instructions in contract comments or logic to influence the auditor's findings.
  • Ingestion points: Untrusted smart contract source code processed during the behavioral decomposition and threat modeling phases in SKILL.md.
  • Boundary markers: The skill does not define specific delimiters or instructions for the agent to disregard natural language commands found within the analyzed code.
  • Capability inventory: The skill is capable of generating functional exploit PoC code and detailed vulnerability reports based on its analysis.
  • Sanitization: There is no evidence of input filtering or sanitization of the provided contract code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 11:04 AM