find-skills
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill facilitates the installation and execution of external code using the `npx skills` package manager. It specifically instructs the agent to use the `-y` flag, which bypasses confirmation prompts during the installation of third-party packages from the ecosystem.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands, including `npx skills find` and `npx skills add`, to search for and modify the local agent environment.
- [EXTERNAL_DOWNLOADS]: Fetches skill configurations, metadata, and code from the `skills.sh` registry and GitHub repositories. It explicitly recommends sources such as `vercel-labs/agent-skills`, which is a trusted organization.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection.
  - Ingestion points: The skill processes and displays output from the `npx skills find` command, which retrieves unvalidated descriptions and metadata from a public registry.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard potentially malicious instructions embedded within the search results or skill descriptions.
  - Capability inventory: The skill possesses significant capabilities, including the ability to install and execute arbitrary remote packages via `npx`.
  - Sanitization: There is no evidence of sanitization or verification of the content returned from the external registry before it is presented to the agent or used to trigger installation commands.
Audit Metadata