use-findskill
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill utilizes
npx findskillandnpm install -g findskill. These commands download and execute JavaScript from the npm registry. The source 'findskill' is not a verified or trusted entity, posing a significant RCE risk. - [Command Execution] (MEDIUM): The skill explicitly instructs the agent to run shell commands to manage the local environment and install software, including global npm installations and file system writes to
~/.claude/skills/. - [Prompt Injection] (LOW): The skill ingests untrusted metadata from an external registry, creating an indirect injection surface. Ingestion points: Metadata enters via
searchandinfocommands (file: SKILL.md). Boundary markers: None are present to distinguish registry data from system instructions. Capability inventory: The skill can execute subprocesses vianpxand write to the filesystem. Sanitization: No validation is performed on the downloaded content before the agent is told to follow it. - [Dynamic Execution] (MEDIUM): The workflow involves downloading a
SKILL.mdfrom the internet and then asking the agent to read and follow its instructions, representing dynamic instruction loading from untrusted sources.
Recommendations
- AI detected serious security threats
Audit Metadata