solidity-checklist

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill establishes a robust 6-layer verification process designed to prevent common errors in smart contract interaction and deployment.
  • [SAFE]: Credential security is emphasized by mandating the use of the '--account' flag with Foundry's keystore system and explicitly warning against the use of the '--private-key' flag, which prevents sensitive keys from being stored in shell history.
  • [PROMPT_INJECTION]: The metadata description includes a directive ([AUTO-INVOKE]) designed to ensure the agent uses this safety checklist before performing any sensitive on-chain actions. This is a safety-oriented behavioral constraint rather than a malicious bypass.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is noted.
    1. Ingestion points: The skill instructs the agent to read and analyze external contract source code (SKILL.md Layers 1, 2, and 4).
    2. Boundary markers: No specific delimiters are provided for code analysis.
    3. Capability inventory: The agent has the ability to execute on-chain transactions via 'cast send' and 'forge script' (Layer 6).
    4. Sanitization: None.
    While this surface exists, the checklist methodology itself serves as a human-in-the-loop verification process to mitigate risks.
  • [COMMAND_EXECUTION]: The skill provides valid command templates for standard development tools (cast, forge). These tools are used for their intended purpose within a blockchain development context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 02:50 AM
Security Audit — agent-trust-hub — solidity-checklist