find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill instructions direct the agent to install external code from arbitrary GitHub repositories using npx skills add <owner/repo>. Crucially, it recommends the -y flag, which skips all confirmation prompts and safety warnings, allowing for the silent installation and subsequent execution of potentially malicious scripts.
- EXTERNAL_DOWNLOADS (HIGH): The skill facilitates downloading software from an unvetted 'open agent skills ecosystem' (skills.sh). While it mentions some trusted sources like vercel-labs, it also promotes untrusted sources and general keyword searching, which can lead to typosquatting or malicious package discovery.
- COMMAND_EXECUTION (MEDIUM): The tool relies on shell command execution for its core functionality. It encourages global installation (-g), which can lead to higher impact if a downloaded skill contains persistence mechanisms or modifies system-wide configurations.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests data from external search results. A malicious actor could publish a skill with a name or description containing instructions designed to hijack the agent's logic when it parses the search output (Category 8).
- Ingestion points: Search results from npx skills find.
- Boundary markers: None; the agent is expected to parse and repeat the results.
- Capability inventory: Subprocess calls (npx), network operations (implicit in npx).
- Sanitization: None; the skill encourages direct interpolation of search results into the conversation.
Recommendations
- AI detected serious security threats
Audit Metadata