midnight-compact-guide
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The file `rules/openzeppelin-patterns.md` recommends the installation of `@openzeppelin/compact-contracts`. While OpenZeppelin is a reputable security entity, the 'openzeppelin' organization is not present in the 'Trusted GitHub Organizations' list, making this an unverifiable dependency.
- EXTERNAL_DOWNLOADS (MEDIUM): The file `rules/tokens-shielded-unshielded.md` references the repository `github.com/midnightntwrk/midnight-ledger`. The 'midnightntwrk' organization is not on the trusted list, which constitutes an unverifiable external reference.
- COMMAND_EXECUTION (LOW): The file `rules/common-errors.md` contains instructions for executing shell commands such as `compact --version`, `npm list`, and `compact compile`. These are standard for local development and environment management but allow the agent to interact with the host system.
- DATA_EXFILTRATION (SAFE): No evidence of sensitive file access or exfiltration of data to unauthorized network domains was detected.
- PROMPT_INJECTION (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found in the analyzed documentation.
- INDIRECT_PROMPT_INJECTION (LOW): The skill serves as a knowledge base for code generation, creating a surface for indirect injection if the referenced external sources are compromised.
  - Ingestion points: Markdown files in `rules/` containing coding patterns.
  - Boundary markers: Absent; code blocks are presented without explicit instructions to ignore embedded content.
  - Capability inventory: The skill facilitates code generation and suggests CLI operations (`npm`, `compact`).
  - Sanitization: Absent; the content is static documentation.
Audit Metadata