Skills
skills/citypaul/.dotfiles/find-skills/Gen Agent Trust Hub

find-skills

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch the skills CLI from the NPM registry and facilitates downloading additional content from external GitHub repositories.
  • [COMMAND_EXECUTION]: Instructs the agent to execute shell commands using the npx skills utility to search for and manage tools.
  • [REMOTE_CODE_EXECUTION]: Provides functionality to install and execute third-party code packages, which is the primary purpose of this discovery and management utility.
  • [PROMPT_INJECTION]: The skill processes untrusted metadata from CLI search results, representing a surface for indirect prompt injection. (Ingestion points: Results from the npx skills find command; Boundary markers: None explicitly defined; Capability inventory: Shell access for package management; Sanitization: Specific instructions to verify install metrics and trust established developer organizations).
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 08:30 PM