solana-audit

The solana-audit skill presents a coherent, well-scoped framework for auditing Solana programs (native or Anchor) using a two-pass syntactic/semantic approach and a structured report with taxonomy IDs. Its footprint is proportionate to the stated purpose, with no evident suspicious data exfiltration, credential handling, or external binary installs. The risk posture is low to moderate (securityRisk around 0.3–0.5) given reliance on local analysis and vetted references, though the preference for explicit provenance of input code and rigorous false-positive handling should be documented to avoid misinterpretation of findings.