build-smart-contracts
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [External Downloads] (LOW): The skill instructions direct the agent to retrieve code and examples from various GitHub repositories under the `algorandfoundation` organization. Per the analysis rules, this organization is not on the 'Trusted GitHub Organizations' list, making the source technically 'unknown'. However, the risk is mitigated as these are the official development resources for the Algorand blockchain, and the activity is central to the skill's primary purpose.
- [Command Execution] (LOW): The skill utilizes `algokit project run build`, `algokit project run test`, and `algokit project deploy localnet`. These commands execute local scripts defined within the project environment. If an attacker were to influence the code generated or adapted from external sources (e.g., via a compromised repository or malicious documentation), they could potentially achieve arbitrary code execution during the build or test phase. The severity is lowered to LOW because this capability is necessary for the intended function of a smart contract build skill.
- [Indirect Prompt Injection] (LOW): The skill exhibits an attack surface where instructions could be injected via external data processed by the agent.
  - Ingestion points: Documentation results from `kapa_search_algorand_knowledge_sources` and code content from the specified GitHub repositories (e.g., `devportal-code-examples`).
  - Boundary markers: Absent; there are no instructions to the agent to use delimiters or to ignore natural language instructions embedded within the fetched code or documentation.
  - Capability inventory: The agent has the ability to execute shell commands (`algokit`), write files (code generation), and perform network operations via search tools.
  - Sanitization: Absent; external content is adapted and integrated into the project without validation or sanitization of embedded instructions.
Audit Metadata