aiken-smart-contracts
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core purpose of processing external user requests while maintaining high-impact capabilities.
- Ingestion points: User requests for creating or auditing Aiken validators are processed via the prompt in SKILL.md.
- Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within user-provided logic.
- Capability inventory: The agent has access to
WriteandBash(aiken:*), allowing it to create files and execute them on the host system. - Sanitization: None detected. The agent does not appear to validate or sanitize user input before passing it to shell commands or file writes.
- [COMMAND_EXECUTION] (MEDIUM): The skill explicitly allows the execution of
aikenandcardano-clicommands. While restricted to these binaries, it still enables arbitrary argument passing which could lead to unintended local actions if the tools are used to process malicious user-generated files.
Recommendations
- AI detected serious security threats
Audit Metadata