web3-hunt-foundation
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands including
forge build,forge test,slither, andaderyn. While these are legitimate security tools, running them against untrusted code from external repositories poses a risk, as build configurations or test suites in a malicious repository could execute arbitrary code on the host system. - [EXTERNAL_DOWNLOADS]: The recon methodology involves downloading external code using
git clone <target-repo>, which introduces untrusted content into the agent's environment. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources. Ingestion points: Cloning target repositories and reading audit reports or bounty program descriptions (SKILL.md). Boundary markers: None identified; the instructions do not establish delimiters to separate untrusted external content from system instructions. Capability inventory: Subprocess execution (via forge, slither, aderyn) and network access (SKILL.md). Sanitization: No sanitization, filtering, or validation of the external content is described before the agent processes it.
Audit Metadata