solidity-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches version information from the author's public GitHub repository (github.com/pashov/skills) to notify the user of available updates. This operation targets a vendor-owned resource and is a standard maintenance practice.
- [COMMAND_EXECUTION]: The skill uses several Bash commands (find, curl, mktemp, cat) to manage the auditing workflow: discovering smart contract files, checking for updates, and creating temporary data bundles for the analysis agents within a secure temporary directory.
- [DATA_EXFILTRATION]: The skill reads local smart contract files for analysis but does not transmit the source code or any sensitive project data over the network. Network activity is limited to the version check described above.
- [PROMPT_INJECTION]: Because the skill processes untrusted Solidity source code, it is an ingestion point for potential indirect prompt injection. The skill mitigates this by using specific headers and Markdown code blocks to clearly delineate user-supplied code from the analysis instructions.
Audit Metadata