find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes the `npx skills add` command to download and execute external code. This is a direct vector for Remote Code Execution (RCE) as it allows the agent to pull and install software from remote repositories.
- [COMMAND_EXECUTION] (HIGH): The skill constructs and executes shell commands (`npx skills find [query]`) using unvalidated user input. This creates a surface for command injection where a user or an attacker-controlled input could append malicious shell operators.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill encourages downloading packages from both trusted and untrusted sources. While `vercel-labs/agent-skills` is a trusted source, the skill specifically suggests other untrusted sources like `ComposioHQ/awesome-claude-skills` and 'other sources', which circumvents security best practices for dependency management.
- [INDIRECT PROMPT INJECTION] (HIGH): The skill processes external content (search results from the `npx skills find` command) and uses that content to suggest or perform further high-privilege actions like installation.
  - Ingestion points: Search results from the Skills CLI and user-provided queries.
  - Boundary markers: None present. The skill directly interpolates external strings into the agent's workflow.
  - Capability inventory: The skill has the ability to execute shell commands and modify the system via package installation.
  - Sanitization: No sanitization or validation of the search results or package identifiers is performed before installation.
Recommendations
- AI detected serious security threats
Audit Metadata