solidity-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process and analyze untrusted Solidity smart contract code, which presents a surface for indirect prompt injection attacks.
- Ingestion points: Untrusted Solidity source files provided for review in
SKILL.md. - Boundary markers: The instructions lack explicit directives for the agent to use boundary markers or to ignore instructions embedded within code comments or string literals in the input code.
- Capability inventory: The skill utilizes a suite of analysis tools (
run_slither,run_aderyn,match_vulnerability_patterns, etc.) that act upon the untrusted input. - Sanitization: There is no evidence of pre-processing or sanitization of the input code to strip potentially malicious instructions before the analysis tools are invoked.
Audit Metadata