skill-finder
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill implements an automated 'Phase 4a: Auto-Install' process that executes `npx claude-plugins skills install <namespace>` using data retrieved from an external, untrusted API. This allows for arbitrary code execution if a malicious namespace is provided by the registry.
- INDIRECT_PROMPT_INJECTION (CRITICAL): This is a primary attack vector. The skill's logic depends on evaluating external search results from `claude-plugins.dev`. An attacker can host a malicious skill with a deceptive description and spoofed metrics (stars/installs) to trigger the agent's auto-install logic.
  - Ingestion points: Search results from `https://claude-plugins.dev/api/skills`.
  - Boundary markers: None. The agent processes raw JSON from the external API.
  - Capability inventory: Full command execution (`npx`), file system write access (`.claude/skills/`), and the ability to define and execute new agent instructions.
  - Sanitization: Non-existent. The skill relies on 'stars' and 'installs' as security metrics, which are easily manipulated in community registries.
- EXTERNAL_DOWNLOADS (HIGH): The 'Troubleshooting' section explicitly instructs the agent to fetch content from `rawFileUrl` (e.g., raw.githubusercontent.com) and manually create executable skill directories if the `npx` command fails. This bypasses even the minimal checks performed by a package manager.
- COMMAND_EXECUTION (HIGH): The skill makes heavy use of shell commands (`npx`, `mkdir`) to modify the local environment. When combined with untrusted external input, this creates an unmitigated risk of privilege escalation or system persistence.
- PERSISTENCE (HIGH): By installing skills into the `.claude/skills/` directory, the skill creates a mechanism for malicious instructions or scripts to persist across agent sessions.
Recommendations
- AI detected serious security threats