use-findskill

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] skill_discovery_abuse: System prompt extraction attempt (SD002) [AITech 4.3] The SKILL.md is functionally benign and consistent with its stated purpose (finding and installing skills). However it describes installing and running third-party packages via npx/npm and allows overriding the registry endpoint (FINDSKILL_API). Those behaviors are normal for this kind of tool but carry standard supply-chain risks: malicious or compromised packages (or a malicious FINDSKILL_API) could execute arbitrary code on install or later when the agent follows a skill's instructions. Recommendation: treat installed skills as untrusted code — review SKILL.md and package contents before installing, avoid setting FINDSKILL_API to untrusted endpoints, prefer sandboxing or using vetted registries, and add integrity/signature checks and provenance checks to the workflow. Overall: no direct malicious content present in this document, but operationally it exposes a supply-chain risk if used without safeguards. LLM verification: The SKILL.md itself contains no direct malicious code or hard-coded secrets and appears operationally benign as documentation. However, its described workflow—especially use of npx (runtime execution of remote packages), optional global installs, and a configurable FINDSKILL_API endpoint—creates a meaningful supply-chain and prompt-injection risk. A malicious registry or package could deliver code or skill metadata (SKILL.md) that causes agents to execute arbitrary actions, exfiltrate data, or p