find-skills
Fail
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to install and execute remote code from unverified GitHub repositories using the 'npx skills add' command, allowing arbitrary code execution.
- [COMMAND_EXECUTION]: The skill executes shell commands based on user queries, which could be exploited for command injection if input is not properly sanitized.
- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading packages from external, potentially untrusted third-party sources.
- [SECURITY_BYPASS]: The recommended installation command uses the '-y' flag to skip user confirmation, bypassing a vital manual review step.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted search results that could contain malicious instructions designed to manipulate agent behavior. Ingestion points: 'npx skills find' output in SKILL.md. Boundary markers: Absent. Capability inventory: 'npx' shell execution in SKILL.md. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata