solana-dev
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install essential Solana development tools, including the Solana CLI, Solana MCP server, and Surfpool. These resources are fetched from well-known, official ecosystem domains such as
solana.com,anza.xyz, andsurfpool.run. - [REMOTE_CODE_EXECUTION]: Several setup steps involve piping remote scripts to the shell (e.g.,
curl | bash). While this pattern is normally high-risk, in this context it is used for the standard installation of reputable tools within the Solana developer toolchain and originates from trusted sources. - [COMMAND_EXECUTION]: The skill makes extensive use of CLI tools for building, testing, and deploying blockchain programs (e.g.,
anchor build,surfpool start). It correctly advises the use of theNO_DNA=1flag for non-interactive agent execution. - [SAFE]: The skill explicitly includes a security section with guardrails for the AI agent, such as requiring user approval for transactions, prohibiting the handling of private keys, and treating all on-chain data as untrusted input to prevent indirect prompt injection.
Audit Metadata