find-skills
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch and install external packages from the open agent skills ecosystem, specifically targeting repositories on GitHub through the 'npx skills' package manager.
- [REMOTE_CODE_EXECUTION]: Provides instructions to execute 'npx skills add -g -y', which downloads and installs executable code from remote repositories. The use of the '-y' flag explicitly bypasses interactive confirmation prompts during the installation process.
- [COMMAND_EXECUTION]: Leverages the shell to execute CLI commands ('npx skills find', 'npx skills add', 'npx skills update') to manage environment capabilities.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via tool output poisoning.
- Ingestion points: Data enters the agent context through the output of 'npx skills find [query]', which retrieves names and descriptions from an external, open registry.
- Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the search results.
- Capability inventory: The agent has the capability to execute 'npx skills add' (command execution/RCE) based on these results.
- Sanitization: No sanitization or validation of the search results is performed before presenting options to the user or proceeding with installation.
Audit Metadata