create-project

Fail

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis

================================================================================

🔴 VERDICT: HIGH

This skill presents a HIGH risk due to potential command injection. The skill constructs shell commands using user-provided input (e.g., project name, author name) without explicit sanitization. If a malicious user provides input containing shell metacharacters (e.g., ;, &&, |), arbitrary commands could be executed on the system where the agent is running. For example, if <project-name> is provided as my-project; rm -rf /, the rm -rf / command could be executed.

Total Findings: 2

🔴 HIGH Findings:
• Command Injection via Unsanitized User Input

  • Line 25 (SKILL.md): The skill instructs to run algokit init -n <project-name> -t typescript --answer author_name "<name>" --defaults. The placeholders <project-name> and <name> are directly substituted into a shell command. Without proper sanitization of user input, this creates a command injection vulnerability where a malicious user could execute arbitrary commands by providing specially crafted input.

🔵 LOW Findings:
• Unverifiable Dependencies (Trusted Source)

  • Line 25 (SKILL.md): The skill relies on the external algokit command-line tool to initialize projects and potentially bootstrap dependencies. While algokit itself is a well-known tool from Algorand (a trusted organization), the skill implicitly trusts algokit to fetch templates and manage project dependencies from external sources (e.g., dev.algorand.co). This is noted as a low risk because the sources are trusted, but it still involves external code execution.

================================================================================

Recommendations
  • AI detected serious security threats

Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 12, 2026, 10:40 PM