solana-audit

SUSPICIOUS. The skill’s capabilities are broadly aligned with its stated purpose as a Solana audit workflow, and the provided evidence shows no external downloads, credential requests, or third-party data routing. However, it explicitly equips an AI agent to perform security auditing on smart contracts, which falls under high-risk offensive/security tooling for agents. Risk is driven by the capability itself and the recursive multi-agent analysis of untrusted code, not by malware indicators or exfiltration behavior.