smart-contract-audit

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
Flagged capabilities: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill makes outbound network calls with curl to api.firepan.com. It transmits repository URLs and handles sensitive Authorization: Bearer tokens for authenticated calls; a token placed directly on the curl command line is visible to other local processes and may land in shell history.
  • [COMMAND_EXECUTION]: The instructions include shell and Python examples for generating idempotency keys and issuing network requests, which rely on system utilities such as curl and uuidgen.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it processes untrusted content (contract source, comments, accompanying files) fetched from external smart contract repositories.
  • Ingestion points: Smart contract code is retrieved from external sources via the repo_url parameter defined in SKILL.md.
  • Boundary markers: SKILL.md provides no delimiters or explicit instructions telling the agent to treat the fetched contract code as data rather than as instructions, so text embedded in the code (for example in comments) could steer the agent.
  • Capability inventory: The skill has network capability (curl) and can therefore send data to external endpoints.
  • Sanitization: No validation of repo_url and no sanitization of the contract content is specified before the content is processed by the agent or forwarded to the API.
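The following is an added example, not code from the skill's SKILL.md or from the Firepan project. It shows the request pattern the audit describes (curl to api.firepan.com, a bearer token, a uuidgen idempotency key) together with the checks the audit notes are missing: repo_url is validated against an allowlist before it is sent, and the token is read from the environment and handed to curl through a config read on stdin (`-K -`) so it never appears on the command line. The host api.firepan.com is from the audit; the `/v1/audits` path, the `FIREPAN_TOKEN` variable, the JSON field names and the host allowlist are assumptions.

```shell
#!/usr/bin/env bash
# Added example; not the skill's own code. Assumptions: the /v1/audits path,
# the JSON field name "repo_url", the FIREPAN_TOKEN variable and the allowlist
# of repository hosts are hypothetical. Only api.firepan.com comes from the audit.
set -euo pipefail

# Accept only https URLs on an allowlisted host and reject anything carrying
# embedded credentials, whitespace or shell metacharacters. Returns 0 if OK.
validate_repo_url() {
  local url="$1"
  case "$url" in
    https://github.com/*|https://gitlab.com/*) ;;
    *) return 1 ;;
  esac
  case "$url" in
    *@*|*' '*|*'$'*|*'`'*|*';'*|*'|'*|*'&'*|*"'"*|*'"'*) return 1 ;;
  esac
  return 0
}

# Idempotency key: uuidgen when available, otherwise 16 random bytes from
# /dev/urandom formatted in the same 8-4-4-4-12 shape. Lower-cased for consistency.
idempotency_key() {
  if command -v uuidgen >/dev/null 2>&1; then
    uuidgen | tr 'A-Z' 'a-z'
  else
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n' |
      sed -E 's/^(.{8})(.{4})(.{4})(.{4})(.{12})$/\1-\2-\3-\4-\5/'
  fi
}

# Build the JSON body with the URL as a proper JSON string (escape \ and ").
request_body() {
  local url="$1" esc
  esc=${url//\\/\\\\}
  esc=${esc//\"/\\\"}
  printf '{"repo_url":"%s"}' "$esc"
}

# Submit one audit request. The bearer token comes from FIREPAN_TOKEN and is
# passed to curl as a config line on stdin, so it is not visible in `ps` output
# or shell history the way a -H "Authorization: ..." argument would be.
submit_audit() {
  local url="$1"
  : "${FIREPAN_TOKEN:?set FIREPAN_TOKEN in the environment}"
  validate_repo_url "$url" || { echo "rejected repo_url: $url" >&2; return 2; }
  printf 'header = "Authorization: Bearer %s"\n' "$FIREPAN_TOKEN" |
    curl --fail --silent --show-error -K - \
      -X POST "https://api.firepan.com/v1/audits" \
      -H 'Content-Type: application/json' \
      -H "Idempotency-Key: $(idempotency_key)" \
      --data "$(request_body "$url")"
}

# Usage: FIREPAN_TOKEN=... ./audit.sh https://github.com/org/repo
if [ "$#" -gt 0 ]; then
  submit_audit "$1"
fi
```

The allowlist in `validate_repo_url` is deliberately strict: the agent is the party that supplies repo_url, and the audit's concern is that this value originates from untrusted input, so rejecting anything outside a known host set limits both SSRF-style misuse and command-line injection into the curl invocation. Validation of the URL does not address the injection risk in the fetched contract content itself; that still requires the agent to treat the code as data.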
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 02:44 AM