solidity-core
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill utilizes a 'curl | bash' pattern for installing the Foundry toolchain from 'https://foundry.paradigm.xyz'. This method executes unverified remote scripts with shell privileges. Severity reduced from CRITICAL to HIGH as it is the primary installation method for the tools described in the skill.
- EXTERNAL_DOWNLOADS (MEDIUM): The domain 'foundry.paradigm.xyz' is used for tool acquisition but is not included in the Trusted External Sources whitelist. Severity reduced from HIGH to MEDIUM given its direct relevance to the primary skill purpose.
- COMMAND_EXECUTION (LOW): The skill documentation describes and facilitates the use of powerful CLI tools (forge, cast, anvil) which provide the agent with capabilities for blockchain interaction and local process execution. This is a necessary capability for the skill's intended use.
Recommendations
- HIGH: Downloads and executes remote code from: https://foundry.paradigm.xyz - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata