The Agent Skills Directory

[PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest and analyze user-provided Solidity source code, which constitutes untrusted external data. This could allow an attacker to embed malicious instructions within code comments to influence the auditor's findings. * Ingestion points: SKILL.md (Phase 1-3) describes the process of reading and analyzing external contract code and dependencies. * Boundary markers: Absent. The instructions do not mandate the use of delimiters to isolate the code-to-be-audited from the agent's operational instructions. * Capability inventory: Limited to generating textual reports and analysis; no evidence of file system access, network operations, or subprocess execution capabilities. * Sanitization: Absent. No logic is provided to filter or escape instructions hidden within Solidity comments or string literals.
[SAFE] (SAFE): General Security Posture. The skill contains no evidence of malicious code, data exfiltration, or obfuscation. It relies on established security frameworks like OWASP and references trusted industry standards such as OpenZeppelin.

solidity-auditor