solana-security
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill consists exclusively of markdown documentation and reference materials. It contains no executable scripts or code that could perform operations on the host system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted Solana program code from users. This is an inherent risk of its primary function.
  - Ingestion points: Processes user-provided source code files for security analysis as described in SKILL.md.
  - Boundary markers: The skill does not implement specific delimiters or warnings to ignore instructions embedded within the analyzed code.
  - Capability inventory: The skill has no autonomous capabilities; it does not execute code, perform network requests, or modify the filesystem.
  - Sanitization: There is no logic provided to sanitize or filter potential instructions hidden in the code being audited.
- [EXTERNAL_DOWNLOADS]: The documentation references official security tools (e.g., Trident) and well-known production repositories (e.g., Raydium, Kamino, Squads). These references are documented neutrally for educational and tool-recommendation purposes and target trusted or well-known ecosystem organizations.
Audit Metadata