security-audit
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data, creating an attack surface for indirect prompt injection.
  - Ingestion points: scripts/fetch_contract.py (contract source code) and scripts/solodit_api.py (vulnerability finding content).
  - Boundary markers: No delimiters or safety instructions are used when presenting external content to the agent.
  - Capability inventory: The agent has permissions to execute shell commands and perform filesystem write operations.
  - Sanitization: Fetched data is not sanitized or filtered for malicious instructions before being used.
- [EXTERNAL_DOWNLOADS]: The skill performs legitimate network requests to well-known blockchain services, including Etherscan and Solodit. These operations are necessary for its primary function and target trusted industry domains.
- [COMMAND_EXECUTION]: A path traversal vulnerability is present in scripts/fetch_contract.py. The script uses filenames from multi-file contract JSON responses directly to construct file paths without sanitization, which could allow a malicious response to overwrite files outside the intended output directory.
Audit Metadata