scv-scan
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The use of Bash is limited to Grep/Ripgrep for codebase sweeping. This is a non-exploitative use of the tool intended for static code analysis.\n- [PROMPT_INJECTION] (SAFE): The skill performs analysis on untrusted Solidity source files, creating an indirect prompt injection surface. However, the risk is minimized by the requirement to validate findings against a fixed, internal knowledge base (the references/ directory), which prevents the AI from being easily misled by instructions embedded in target contract comments.\n
- Ingestion points: Solidity source code read via Read and Grep tools.\n
- Boundary markers: Absent; the agent reads the code directly.\n
- Capability inventory: Bash, Write, and Task tools are available for searching and reporting.\n
- Sanitization: No sanitization of code comments is performed.
Audit Metadata