find-skills
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to run shell commands using npx. This provides a mechanism for arbitrary command execution on the host system beyond the intended scope of the skill manager.
- [REMOTE_CODE_EXECUTION]: The skill's primary purpose is to fetch and install external logic via npx skills add <package>. This involves downloading code from GitHub or other remote repositories and executing it within the agent's runtime environment, which can lead to the execution of malicious scripts if the source is not verified.
- [EXTERNAL_DOWNLOADS]: The skill connects to external endpoints, including https://skills.sh/ and various package registries, to download skill definitions and metadata.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through search result poisoning.
  - Ingestion points: The agent parses the output of the npx skills find command (file: SKILL.md).
  - Boundary markers: No delimiters or safety instructions are provided to distinguish between search results and system instructions.
  - Capability inventory: The agent possesses the capability to execute shell commands and install further remote code.
  - Sanitization: There is no evidence of sanitization or validation of the search results before they are processed by the agent.
Audit Metadata