find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill installs and executes external code using `npx skills add` through the `scripts/install-skill.sh` script. This allows for the installation of arbitrary packages from the npm registry, which is a high-risk operation if the packages are not from trusted sources. The `-y` flag in the script enables non-interactive installation, facilitating automated remote code execution.
- COMMAND_EXECUTION (HIGH): The `scripts/install-skill.sh` script executes multiple shell commands (`npx`, `ln`, `mkdir`) using inputs provided by the agent. While it uses quoting, there is insufficient validation of the skill identifier, which could be exploited for command injection if the agent processes malformed search results or user input.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill facilitates downloading content from external, unverifiable sources like the 'skills.sh' registry and the npm package manager.
- PROMPT_INJECTION (LOW): This skill is vulnerable to indirect prompt injection via its search capability. A malicious actor could publish a skill with deceptive metadata to influence the agent's behavior during discovery.
  - Ingestion points: Data from `npx skills find` as described in `SKILL.md`.
  - Boundary markers: Absent; there are no delimiters separating search results from agent instructions.
  - Capability inventory: Remote package installation and filesystem modification in `scripts/install-skill.sh`.
  - Sanitization: Absent; search results are processed and displayed without validation.
Recommendations
- AI detected serious security threats
Audit Metadata