Skills
skills/5kahoisaac/opencode-configs/find-skills/Gen Agent Trust Hub

find-skills

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the npx skills command-line interface to perform search, installation, and maintenance tasks.
  • [EXTERNAL_DOWNLOADS]: It fetches software packages and metadata from the skills.sh domain and various GitHub repositories.
  • [REMOTE_CODE_EXECUTION]: The command npx skills add <owner/repo@skill> -g -y allows for the automated installation and execution of code from remote repositories, specifically using flags to skip manual confirmation and install at a global scope.
  • [PROMPT_INJECTION]: The skill ingests untrusted search results from the registry and user-provided queries as inputs for installation commands. It does not utilize boundary markers to isolate this external data and possesses the capability to perform global package installations without sanitizing the incoming package information.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 1, 2026, 01:52 PM