solana-audit
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill's design and instructions align with its stated purpose of providing a structured smart contract audit. It provides educational and technical resources for vulnerability detection without malicious intent.
- [NO_CODE]: The skill package contains only Markdown documentation and YAML metadata. It does not ship with executable scripts, binaries, or automated environment modifications.
- [PROMPT_INJECTION]: The prompts provided for sub-agents (explorer, scanners, adversarial) are focused on analysis tasks. They do not contain instructions to override system safety protocols or manipulate the agent's core constraints.
- [DATA_EXFILTRATION]: The skill operates on local source code provided by the user. It does not contain logic to exfiltrate sensitive data or hardcoded credentials to external domains.
- [COMMAND_EXECUTION]: The skill suggests using standard terminal tools like grep and ripgrep to perform its auditing tasks. These operations are essential to the primary purpose of the skill and do not represent unauthorized or malicious command execution.
- [PROMPT_INJECTION]: While the skill processes untrusted program code (the audit target), it includes a rigorous 'Phase 3' validation and falsification step. This workflow, combined with the 'False Positive Gate', specifically mitigates the risk of the agent being misled by indirect prompt injection within the audited code.
Audit Metadata