write-contracts
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No instructions were found that attempt to override system prompts or bypass safety guidelines. The instructions are strictly focused on generating high-quality Move code.
- [DATA_EXFILTRATION]: No patterns for accessing sensitive files (~/.ssh, .env) or exfiltrating data to external servers were detected. The skill specifically warns against reading .env or local Aptos config files containing private keys.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or private keys were found. The examples use standard placeholders and named addresses as per Aptos development best practices.
- [REMOTE_CODE_EXECUTION]: The skill does not contain any patterns for downloading or executing remote code. It provides static Move code templates and logic.
- [COMMAND_EXECUTION]: No shell command execution or subprocess spawning patterns were identified.
- [EXTERNAL_DOWNLOADS]: All external references point to the official Aptos documentation (aptos.dev), which is a trusted source for this vendor. No untrusted third-party dependencies or scripts are fetched.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user input to generate contracts, which is a surface for indirect injection, but it provides extensive security rules and a checklist to ensure the generated code remains secure. It explicitly recommends using a 'security-audit' skill before deployment.