find-skills

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill facilitates RCE by instructing the agent to download and execute arbitrary code from the web. Evidence: Instructions in SKILL.md to use 'npx skills add owner/repo@skill -g -y'. The '-y' flag is particularly dangerous as it bypasses user confirmation prompts during the installation of untrusted code.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill promotes the installation of code from unverified external sources, including arbitrary GitHub repositories and npm packages. Evidence: Frequent references to 'npx' and 'npx skills add' commands in SKILL.md.
  • [COMMAND_EXECUTION] (MEDIUM): The skill's primary function relies on executing shell commands. Evidence: Central use of 'npx skills find', 'npx skills add', and 'npx skills update' throughout the instructions.
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
    1. Ingestion points: The agent reads and displays output from 'npx skills find' and the external registry at skills.sh.
    2. Boundary markers: Absent; the agent is not instructed to treat registry output as untrusted.
    3. Capability inventory: The agent has the capability to execute 'npx skills add', leading to RCE.
    4. Sanitization: Absent; there is no validation of the package names or descriptions returned by the search command. Malicious search results could manipulate the agent into performing unintended installations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 05:31 AM