find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill allows the agent to install and execute code from third-party repositories without user intervention.
  - Evidence: The instructions explicitly tell the agent to use `npx skills add <owner/repo@skill> -g -y` to install skills. The `-y` flag is defined as 'skips confirmation prompts', which creates an automated path for executing untrusted code.
- EXTERNAL_DOWNLOADS (HIGH): The skill is designed to download content from the public GitHub ecosystem.
  - Evidence: The skill encourages searching for and adding packages from any GitHub `<owner/repo>`.
- COMMAND_EXECUTION (MEDIUM): The skill utilizes shell commands (`npx`) to manage system-level packages.
  - Evidence: Core functionality is built around executing `npx skills` subcommands.
- INDIRECT_PROMPT_INJECTION (LOW): The skill possesses an attack surface where malicious metadata in third-party skill search results could influence agent behavior.
  - Ingestion points: Results returned from the `npx skills find` command (SKILL.md Step 2).
  - Boundary markers: None. The agent is instructed to present these results directly to the user (SKILL.md Step 3).
  - Capability inventory: The agent can execute commands and write files via `npx skills add` (SKILL.md Step 4).
  - Sanitization: No instructions provided to sanitize or validate the search results before processing.
Recommendations
- AI detected serious security threats
Audit Metadata