skills/pashov/skills/fizz/Gen Agent Trust Hub

fizz

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's setup process fetches the Foundry installation script from foundry.paradigm.xyz, which is an established and well-known service provider in the Ethereum development ecosystem.
  • [REMOTE_CODE_EXECUTION]: The skill includes a fallback acquisition protocol that uses git to clone the author's repository from github.com/pashov/skills.git to obtain project analysis tools.
  • [COMMAND_EXECUTION]: The skill executes various local CLI utilities including forge, medusa, and echidna for compiling Solidity contracts and running security campaigns. It also utilizes Node.js scripts for processing ABI data and generating Solidity test code.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it utilizes a multi-agent system to analyze untrusted Solidity source code. Evidence Chain: 1. Ingestion points: Solidity source files and x-ray analysis documents. 2. Boundary markers: Not implemented. 3. Capability inventory: Execution of build tools (forge) and fuzzers (medusa/echidna), and file system modification for harness generation. 4. Sanitization: Not explicitly present in the orchestration scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 08:39 AM
Security Audit — agent-trust-hub — fizz