find-skills
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill is designed to search and download content from external Git repositories (GitHub, GitLab, etc.). While it references some trusted organizations like Vercel-labs, it explicitly supports any user-provided repository URL.
- REMOTE_CODE_EXECUTION (MEDIUM): The primary purpose of the skill is to run `npx skills add`, which downloads and integrates new executable code into the agent's environment. This constitutes remote code execution as the agent's capabilities are extended with unverified external logic.
- COMMAND_EXECUTION (LOW): The skill utilizes shell commands (`npx`) and Python scripts to perform its operations. Although the instruction mandates user confirmation before installation, the mechanism allows for arbitrary repository paths to be passed to the shell.
Audit Metadata