deployer
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads contract code and deployment scripts from the official Uniswap GitHub repository. This is a trusted source and necessary for the skill's operation.
- [COMMAND_EXECUTION]: The skill uses blockchain tools like forge and cast to deploy contracts and interact with the network. These actions are the primary intended purpose of the skill and require user approval.
- [PROMPT_INJECTION]: The skill accepts JSON configuration files whose contents are used in shell commands, creating a surface for indirect prompt injection. This risk is addressed through required validation steps and user acknowledgments. Ingestion points: auction configuration JSON. Boundary markers: absent. Capability inventory: Bash(forge, cast, curl) and Write tools. Sanitization: instructed validation step and disclaimer confirmation.
Audit Metadata