skills/antfu/skills-cli/find-skills/Gen Agent Trust Hub

find-skills

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands using npx skills. Specifically, the npx skills find [query] pattern allows user-supplied text to be interpolated into a command line, creating a risk of command injection if the input contains shell metacharacters like ;, &&, or |.
  • [REMOTE_CODE_EXECUTION]: The npx skills add <package> command downloads and installs executable code from arbitrary GitHub repositories. This facilitates the execution of remote code that has not been verified by the agent or the platform.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of external software packages from the npm registry and GitHub during the search and installation processes.
  • [COMMAND_EXECUTION]: The skill recommends using the -y flag with npx skills add, which suppresses interactive confirmation prompts. This allows the agent to install and execute new software without explicit user approval of the specific package being added.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 24, 2026, 06:11 AM