skills/duvesalo/app/find-skills/Gen Agent Trust Hub

find-skills

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the npx skills CLI tool to execute various system commands, including searching (find), installing (add), and updating software on the host system.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves information from the external registry https://skills.sh/ and facilitates the downloading of software directly from GitHub repositories.
  • [REMOTE_CODE_EXECUTION]: The skill enables the automated installation and execution of remote code through the npx skills add <package> -y command. The inclusion of the -y flag is a concern as it instructs the agent to skip confirmation prompts, which could lead to the installation of malicious packages if the search results are manipulated or if the user is misled into installing an untrusted repository.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 12:34 PM