pda-dynamic
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of documentation and reference materials (Markdown files) with no executable scripts, automated installation steps, or obfuscated content.
- [EXTERNAL_DOWNLOADS]: The documentation provides links to external smart contract source code and deployment data on GitHub (whetstoneresearch/doppler). These are presented as informational resources for the agent to reference during its operation.
- [PROMPT_INJECTION]: The skill directs the agent to utilize external repositories as a 'source of truth' for technical data (Indirect Prompt Injection). Evidence: 1. Ingestion points: Doppler deployment links in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Use of shell tools (forge, cast). 4. Sanitization: Absent.
- [COMMAND_EXECUTION]: The workflow involves the use of external CLI tools like Foundry (forge, cast), but the skill provides these as instructions for manual or guided use rather than automated execution blocks.
Audit Metadata