find-skills-combo
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes and evaluates untrusted skill descriptions from an external registry to guide its recommendations.
  - Ingestion points: Untrusted data enters the agent context through the output of the `npx skills find` command during the search phase.
  - Boundary markers: No delimiters or instructions are used to separate external search results from the agent's core instructions.
  - Capability inventory: The skill can generate and offer to execute `npx skills add` commands, which involve network requests and global software installation.
  - Sanitization: There is no evidence that search results from the registry are sanitized or validated before being analyzed for relevance.
- [EXTERNAL_DOWNLOADS]: The skill is designed to recommend and facilitate the installation of remote code from third-party GitHub repositories. It specifically encourages the use of the global installation flag (`-g`) and the auto-confirm flag (`-y`), which bypasses manual user review of the packages being installed.
- [COMMAND_EXECUTION]: The skill's core functionality relies on generating and proposing the execution of shell commands using the `npx skills` CLI to search for, add, and update software in the user's environment.
Audit Metadata