algorand-vulnerability-scanner

skills-sh:trailofbits_skills__algorand-vulnerability-scanner

View source

85/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

85/100

HIGH 1

LOW 1

Findings (2)

HIGH

Jailbreak template PROMPT_INJECTION_011

prompt-injection L89

Detects common jailbreak prompt patterns

bypass restriction

FIX

Remove directives that attempt to exfiltrate data through the agent's response (e.g., asking the agent to embed credentials in URLs or include secret values in output).

FP?

Likely FP if the text is a legitimate tool instruction about displaying configuration to the user (e.g., show current settings) without external transmission.

LOW

pip install arbitrary package EXTDL_009

external-download L45

Detects pip install of arbitrary packages that modify the host environment

pip3 install te

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.