find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill provides instructions to download and execute code from arbitrary remote sources (GitHub/npm) through the npx skills add command.
  - Evidence: The command npx skills add <owner/repo@skill> -g -y in SKILL.md allows the agent to install and run third-party code.
  - Risk: An attacker could distribute a malicious repository that the agent might find and install, leading to complete compromise of the agent's environment.
- EXTERNAL_DOWNLOADS (HIGH): The skill is centered around fetching code from external, non-whitelisted domains (specifically any GitHub repository provided in the command).
  - Evidence: npx skills add <owner/repo@skill>.
  - [TRUST-SCOPE-RULE]: While the skill mentions trusted sources like vercel-labs/agent-skills, it provides a generic template for installing from any repository, which maintains a HIGH severity.
- COMMAND_EXECUTION (HIGH): The skill instructs the agent to perform administrative-level actions such as installing software globally.
  - Evidence: Use of the -g (global) and -y (auto-confirm) flags in npx skills add.
- PROMPT_INJECTION (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The output of npx skills find [query] is untrusted data from an external registry.
  - Boundary markers: None are specified to help the agent distinguish between search results and instructions.
  - Capability inventory: The agent has the capability to run shell commands and install/execute code (npx).
  - Sanitization: None. The agent is encouraged to present and install findings directly.
  - Risk: A malicious package description in the registry could contain instructions that trick the agent into executing the installation command without further user oversight.
Recommendations
- AI detected serious security threats