solidity-security
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to assist in auditing external Solidity contracts, which creates a surface for indirect prompt injection. Malicious instructions could be embedded in the comments or logic of untrusted contracts being analyzed. * Ingestion points: External smart contract source code provided for security auditing. * Boundary markers: No delimiters or instructions to ignore embedded commands are specified for the input code. * Capability inventory: The skill references a shell script
scripts/analyze-contract.shfor automated contract analysis. * Sanitization: No input validation or sanitization of the analyzed contract code is described in the documentation. - [EXTERNAL_DOWNLOADS]: The skill references OpenZeppelin contract libraries and industry-standard security analysis tools such as Slither, Mythril, and Echidna. These are well-known and trusted resources within the blockchain development community.
- [COMMAND_EXECUTION]: The documentation includes a reference to a local script
scripts/analyze-contract.sh, which is intended to be executed for static analysis of Solidity smart contracts.
Audit Metadata