Skills
skills/algorand-devrel/algorand-agent-skills/call-smart-contracts/Gen Agent Trust Hub

call-smart-contracts

Warn

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis

The skill call-smart-contracts and its reference file references/REFERENCE.md describe how to use the algokit command-line interface (CLI) and TypeScript code to interact with Algorand smart contracts. The instructions include commands like algokit project run build, algokit project deploy localnet, and npx tsx scripts/my-script.ts. The TypeScript code snippets import the @algorandfoundation/algokit-utils library.

Findings:

  • Unverifiable Dependencies (MEDIUM): The skill's core functionality relies on the algokit CLI and the @algorandfoundation/algokit-utils npm package. Neither algokit nor algorandfoundation are present in the provided list of trusted GitHub organizations or repositories. From an 'assume-malicious' posture, any external dependency not explicitly whitelisted is considered unverifiable at analysis time. While these are legitimate and widely used tools within the Algorand ecosystem, their content cannot be directly audited by this protocol, introducing a potential supply chain risk if these external components were compromised. This is flagged as MEDIUM severity.

    • Evidence: algokit project run build (SKILL.md, line 17), algokit localnet start (SKILL.md, line 27), import { AlgorandClient } from '@algorandfoundation/algokit-utils' (SKILL.md, line 43).

  • Indirect Prompt Injection (INFO): The skill involves interacting with smart contracts, which inherently means processing external data (e.g., contract method arguments, state values). This creates a general risk of indirect prompt injection if malicious data is fed into the contract or the skill's processing logic. This is a characteristic of the domain rather than a specific vulnerability introduced by the skill's instructions.

No other malicious patterns were detected. The skill does not contain prompt injection, data exfiltration, obfuscation, privilege escalation, persistence mechanisms, metadata poisoning, or time-delayed/conditional attacks within its instructions or code snippets. The commands provided are standard development operations for Algorand, intended for the user to execute in their environment, not for the agent to execute directly.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 12, 2026, 10:40 PM