Skills
skills/fwfutures/vibe-a-thon/find-skills/Gen Agent Trust Hub

find-skills

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes npx skills commands to find and add packages. It specifically utilize the -y flag to skip confirmation prompts during installation, which increases risk if the agent is misled.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading code from GitHub and npm. It references trusted sources such as vercel-labs.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the processing of external search results.
  • Ingestion points: Descriptions and metadata returned by npx skills find (SKILL.md).
  • Boundary markers: None identified; the skill directly incorporates search results into its output.
  • Capability inventory: The skill can install new executable code and update existing tools via the npx skills add and npx skills update commands (SKILL.md).
  • Sanitization: The skill does not perform validation or sanitization of the external registry data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 04:39 AM