algorand-vulnerability-scanner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill instructs the user to install 'tealer' via pip. Although this is an external dependency from an organization not on the pre-approved trusted list, the severity is downgraded from MEDIUM to LOW because the tool is required for the skill's primary audit workflow.
- Indirect Prompt Injection (LOW): The skill processes untrusted external TEAL and PyTeal source code, which could contain malicious instructions designed to influence the agent's behavior.
  1. Ingestion points: Local .teal and .py files identified during contract scanning.
  2. Boundary markers: Absent; there are no specific instructions for the agent to ignore prompt-based directives within analyzed code.
  3. Capability inventory: Reading local files and executing shell commands via the tealer CLI.
  4. Sanitization: Absent; the code content is processed directly for vulnerability analysis.
Audit Metadata