skills-discovery
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (MEDIUM): The skill uses
npx skills-installerto execute external code from an untrusted package registry. This represents a supply chain risk where the installer or the npm registry could serve malicious content. - EXTERNAL_DOWNLOADS (MEDIUM): The skill performs HTTP requests to
https://claude-plugins.dev/api/skills, an unverified third-party domain not included in the trusted sources list. - DYNAMIC_EXECUTION (MEDIUM): The skill's primary purpose is to dynamically install and load new scripts based on external data, which creates a risk of loading and executing malicious capabilities into the agent's runtime environment.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it ingests and processes unverified skill names and descriptions from an external API. Evidence Chain: 1. Ingestion points:
curlresponse from the registry API. 2. Boundary markers: Absent. 3. Capability inventory: Command execution (npx,curl). 4. Sanitization: No evidence of validation or escaping for the data returned by the API. - COMMAND_EXECUTION (LOW): The skill relies on shell command execution (
curl,npx) to perform its core management and discovery tasks.
Audit Metadata