Skills
skills/happycapy-ai/happycapy-skills/find-skills/Gen Agent Trust Hub

find-skills

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the npx skills command-line interface to perform search, installation, and update operations.
  • Evidence: npx skills find [query], npx skills add <package>, npx skills check, and npx skills update commands are documented in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of capabilities from external sources, specifically GitHub repositories.
  • Evidence: SKILL.md describes the use of npx skills add <owner/repo@skill> to fetch and install packages. It specifically references repositories from Vercel Labs.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes and presents data from an external registry to the user.
  • Ingestion points: Search results from the npx skills find command are ingested into the agent's context (SKILL.md).
  • Boundary markers: No specific delimiters or boundary markers are defined for the search result output.
  • Capability inventory: The skill has the capability to execute commands like npx skills add to modify the agent's environment (SKILL.md).
  • Sanitization: No sanitization or validation of external package descriptions is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 07:17 AM