find-skills
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to api.clawhub.com to retrieve skill metadata and search results, which is a core part of its discovery functionality.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the ClaWHub API, creating an indirect prompt injection surface. * Ingestion points: Processes JSON responses from api.clawhub.com containing skill names, descriptions, and metadata tags. * Boundary markers: No specific delimiters or boundary instructions are included in the prompt templates to segregate search results from agent instructions. * Capability inventory: Utilizes the 'requests' library to perform network operations. * Sanitization: No explicit sanitization or filtering of the API data is implemented in the provided integration examples.
Audit Metadata