skills/1nfsh-s3/skills/related-skill/Gen Agent Trust Hub

related-skill

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill facilitates the download of third-party packages from inference-sh/skills via the npx skills add command. This registry is not included in the pre-verified list of trusted sources, posing a supply chain risk.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): Installing skills from a remote registry leads to the execution of external code within the agent's environment. If a package in the registry were compromised, it could lead to remote code execution.
  • [COMMAND_EXECUTION] (LOW): The skill is explicitly granted permission to execute npx skills * in a Bash shell. This capability is used to modify the agent's software configuration and install new tools.
  • [PROMPT_INJECTION] (LOW): Vulnerable to indirect prompt injection through search results.
      • Ingestion points: Data retrieved from npx skills search and npx skills list from the inference.sh registry.
      • Boundary markers: None present; the agent treats registry metadata as instructions for skill selection and installation.
      • Capability inventory: Access to system commands via Bash(npx skills *) and the ability to download/execute new code.
      • Sanitization: No evidence of sanitization or validation of the registry's output before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 07:32 PM