solidity-security-best-practices

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the analysis of user-provided Solidity code, which presents a surface for indirect prompt injection. An attacker could embed malicious instructions in code comments or metadata to influence the agent's behavior during the audit process.
    * Ingestion points: Solidity source code provided by users for auditing (SKILL.md).
    * Boundary markers: The skill does not provide specific delimiters or instructions to ignore embedded natural language commands in the code being audited.
    * Capability inventory: The skill utilizes static analysis tools and database searches (e.g., Slither, Aderyn, SCWE database) via MCP tools.
    * Sanitization: No explicit sanitization of input code is implemented.
  • [COMMAND_EXECUTION]: The skill references the use of external static analysis tools like Slither and Aderyn. These tools are executed as part of the auditing workflow to detect vulnerabilities, which is the primary intended behavior of the skill.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 07:49 PM