related-skill
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill uses `npx` to download and run the `skills` package and facilitates the installation of further remote code via `npx skills add`. These downloads originate from `inference.sh`, which is not included in the 'Trusted External Sources' list, making them unverifiable dependencies.
- [COMMAND_EXECUTION] (MEDIUM): The skill defines a broad execution scope `Bash(npx skills *)`. This allows the agent to perform any subcommand, including adding, updating, or removing software on the system, which poses a risk if the agent is manipulated into installing a malicious package.
- [INDIRECT_PROMPT_INJECTION] (LOW): This skill has a significant attack surface for indirect injection.
  - Ingestion points: Data enters the agent context through the output of `npx skills search` and `npx skills list` from a remote registry.
  - Boundary markers: No delimiters or warnings are present to prevent the agent from obeying instructions embedded in search results.
  - Capability inventory: The skill has the capability to write and execute code via the `add` and `update` commands.
  - Sanitization: There is no evidence of sanitization for registry data. An attacker could poison the registry with malicious skill descriptions to trick the agent into installing a backdoor.
Audit Metadata