find-skills

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill instructs the agent to run 'npx skills add -g -y'. The '-y' flag is particularly dangerous because it skips all interactive confirmation prompts, allowing the agent to install and execute third-party code automatically, without human oversight.
  • EXTERNAL_DOWNLOADS (HIGH): The skill facilitates downloading code from arbitrary GitHub repositories and the 'skills.sh' registry. While it mentions trusted sources such as 'vercel-labs/agent-skills', it also suggests unverified sources such as 'ComposioHQ/awesome-claude-skills', making the overall workflow susceptible to supply chain attacks.
  • COMMAND_EXECUTION (MEDIUM): The skill's primary function involves executing shell commands ('npx') based on dynamic user queries. This introduces a risk of command injection if the query or package names are not strictly validated.
  • PROMPT_INJECTION (LOW): Contains a surface for indirect prompt injection. The agent ingests untrusted data from 'npx skills find' output.
    1. Ingestion point: CLI search results.
    2. Boundary markers: absent.
    3. Capability: installation of global packages.
    4. Sanitization: absent.
    A malicious package description could attempt to trick the agent into performing unauthorized installations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 05:49 PM