find-skills
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions for the agent to download and install external code from GitHub repositories via the `npx skills add` command. This enables the agent to dynamically extend its functionality with third-party logic.
- [COMMAND_EXECUTION]: The skill utilizes system commands to perform management tasks. It specifically instructs the agent to use the `-g` (global) flag for installation and the `-y` flag to skip interactive prompts, which allows for environment modification without human oversight.
- [EXTERNAL_DOWNLOADS]: The skill fetches definitions and code from the `skills.sh` registry and various GitHub repositories, including the author's own tools and repositories from trusted organizations like Vercel.
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection by processing uncontrolled user queries to search for and install external modules. Maliciously crafted search results could influence agent behavior.
  - Ingestion points: User-provided `[query]` parameter in `SKILL.md`.
  - Boundary markers: Absent; no delimiters are used to isolate external search results.
  - Capability inventory: File system modification and package installation via `npx` in `SKILL.md`.
  - Sanitization: Absent; no validation or filtering of content from the external registry is described.
Audit Metadata