search-algorand-examples
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted code from external GitHub repositories.
  - Ingestion points: Data enters the agent context via the github_get_file_contents tool, which can read files from any user-specified or searched GitHub repository.
  - Boundary markers: Absent. The instructions do not define delimiters or specific 'ignore' rules for processing content found within retrieved files.
  - Capability inventory: The skill is limited to read-only search and retrieval operations (github_search_code, github_get_file_contents). No subprocess execution, file-system write, or network-send tools are provided within this skill.
  - Sanitization: Absent. Content from external repositories is retrieved and presented without validation or filtering.
- Unverifiable Dependencies & Remote Code Execution (INFO): The skill facilitates the retrieval of remote code files from third-party repositories. While this is the intended functionality, it introduces a dependency on unvetted external content.
Audit Metadata