Smart Contract Audit

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches its primary instructions and checklist from https://ethskills.com/audit/SKILL.md during installation and setup. It also provides instructions to install a plugin from a GitHub repository (github.com/austintgriffith/ethskills).
  • [COMMAND_EXECUTION]: The catalog.json file contains a shell command using curl to fetch the external skill definition from the provider's server.
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted smart contract source code provided by users, which serves as an entry point for indirect prompt injection.
      • Ingestion points: Solidity source code pasted by the user for auditing (documented in catalog.json).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded content are present in the provided skill files.
      • Capability inventory: The skill instructions specify that the agent should synthesize findings and file GitHub issues, implying the agent has network and write access to developer platforms.
      • Sanitization: No validation or sanitization logic is defined for the input contract code before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 19, 2026, 01:18 PM