security-audit
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of markdown instructions and does not include any associated scripts, executables, or shell commands.
- [SAFE]: No obfuscation, hidden URLs, or data exfiltration patterns were detected in the instructions or metadata.
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted external content, specifically user-provided source code and configuration files. This creates a surface for indirect prompt injection where malicious instructions could be embedded within the audited data to influence the agent's conclusions.
- Ingestion points: User messages containing code snippets, configuration files, and smart contract source code across Modes #1, #2, and #3.
- Boundary markers: The prompt does not define explicit delimiters or instructions to the agent to disregard natural language commands found within the audited code.
- Capability inventory: The skill definition does not grant the agent any tool access, file system write permissions, or network capabilities.
- Sanitization: User input is processed as raw text without filtering or escaping.
Audit Metadata