foundry
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the installation of `halmos` and `certora-cli` via `pip`. These packages are hosted on PyPI and managed by organizations (a16z and Certora) that are not included in the pre-defined trusted source list.
- [COMMAND_EXECUTION] (LOW): The skill provides numerous commands for executing shell processes via `forge`, `just`, and `halmos`. While these are standard for blockchain development, they represent a significant capability that should be used with caution when processing user-generated logic.
- [CREDENTIALS_UNSAFE] (INFO): Documentation and script templates explicitly mention the use of environment variables like `PRIVATE_KEY` and `MNEMONIC`. While necessary for deploying contracts, these are highly sensitive secrets, and their presence in instructions increases the risk of accidental exposure or targeted exfiltration if the agent's context is compromised.
Audit Metadata