find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the agent to download and install external code packages from potentially untrusted sources using `npx skills add <package>`. Third-party code is integrated into the agent's environment without prior verification.
- REMOTE_CODE_EXECUTION (HIGH): The `-y` flag in the command `npx skills add <owner/repo@skill> -g -y` explicitly bypasses confirmation prompts, so remote scripts and package code run on the host machine with no human decision in the loop.
- COMMAND_EXECUTION (MEDIUM): The skill requires the agent to execute shell commands (`npx skills`). The search query `[query]` is derived from user prompts and interpolated into a command line, which can lead to command injection if the underlying execution environment does not adequately sanitize shell metacharacters.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8).
- Ingestion points: Data enters the agent context through the output of `npx skills find`, which fetches external package metadata.
- Boundary markers: None present; the agent treats search results as instructional data for presentation to the user.
- Capability inventory: The skill can write to the file system and execute code via the `add` and `update` commands.
- Sanitization: There is no evidence of sanitization or validation of the search results before the agent processes them.
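The two executable findings above, the user-derived query interpolated into a command line and the `-y` auto-confirm on `npx skills add`, are illustrated by the following added example. It is not code from the audit or from the find-skills skill; it runs `echo` in place of `npx skills` so it works offline, and the allowlist, the spec pattern and the function names are assumptions for illustration.

```python
"""Added example: safe vs. unsafe construction of the commands the audit flags.
Not from the audit or the find-skills skill; uses `echo` instead of `npx` so it runs offline."""
import re
import shlex
import subprocess

# Hypothetical operator allowlist of skills that were reviewed before install.
# The `owner/repo@skill` shape follows the add command quoted in the audit.
VETTED_SKILLS = {"example-org/skills-repo@linter"}  # constructed sample
SPEC_RE = re.compile(r"^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+@[A-Za-z0-9_.-]+$")


def unsafe_find_command(query: str) -> str:
    """The flagged pattern: user-derived text pasted straight into a shell string."""
    return f"npx skills find {query}"


def safe_find_argv(query: str) -> list:
    """Pass the query as a single argv element; no shell ever parses it."""
    if not query.strip() or "\x00" in query:
        raise ValueError("empty or malformed query")
    return ["npx", "skills", "find", query]


def safe_find_shell(query: str) -> str:
    """If a shell string is unavoidable, quote the user data first."""
    return f"npx skills find {shlex.quote(query)}"


def gate_add(spec: str, confirmed: bool) -> tuple:
    """Decide whether `npx skills add` may run. The decision stays with the operator:
    the spec must parse, be on the allowlist, and be explicitly confirmed."""
    if not SPEC_RE.match(spec):
        return False, "malformed skill spec"
    if spec not in VETTED_SKILLS:
        return False, "skill not on the vetted allowlist"
    if not confirmed:
        return False, "operator confirmation missing"
    return True, "ok"


def add_command_argv(spec: str, confirmed: bool) -> list:
    """Build the add command without -y, so the tool's own prompt still fires."""
    ok, reason = gate_add(spec, confirmed)
    if not ok:
        raise PermissionError(reason)
    return ["npx", "skills", "add", spec, "-g"]


def demo_injection(query: str) -> tuple:
    """Run the three constructions with `echo` standing in for `npx skills find`.
    Returns (raw shell string output, quoted shell string output, argv output)."""
    raw = subprocess.run(f"echo {query}", shell=True,
                         capture_output=True, text=True).stdout
    quoted = subprocess.run(f"echo {shlex.quote(query)}", shell=True,
                            capture_output=True, text=True).stdout
    argv = subprocess.run(["echo", query],
                          capture_output=True, text=True).stdout
    return raw, quoted, argv


if __name__ == "__main__":
    probe = "lint; echo INJECTED"  # constructed user query carrying a metacharacter
    for label, out in zip(("raw", "quoted", "argv"), demo_injection(probe)):
        print(f"{label}: {out!r}")
    print(add_command_argv("example-org/skills-repo@linter", confirmed=True))
```

With the probe query, the raw shell string prints two lines (the second command ran), while the quoted and argv forms print the query back as a single literal. The gate deliberately returns the reason for refusal rather than raising, so an agent harness can surface it to the operator instead of silently retrying with `-y`.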
Recommendations
- AI detected serious security threats
Audit Metadata