find-skills
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `npx skills` command-line utility to perform searches, updates, and installations of external functionality.
- [EXTERNAL_DOWNLOADS]: Utilizes `npx skills add` to fetch and install skills from remote repositories, including GitHub. It identifies trusted sources such as the `vercel-labs` organization for these downloads.
- [REMOTE_CODE_EXECUTION]: Uses the `npx` package runner to execute the skills management tool, which involves downloading and running code from the npm registry at runtime.
- [PROMPT_INJECTION]: Ingests search results from the `npx skills find` command, which creates an indirect prompt injection surface where malicious package metadata could influence the agent; however, the skill provides instructions for identifying reputable sources.
Audit Metadata