find-skills
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands using the 'npx skills' CLI tool to manage agent extensions.
  - Evidence: Operational steps include running 'npx skills find', 'npx skills check', and 'npx skills update' within the host environment.
- [EXTERNAL_DOWNLOADS]: The skill downloads software packages from the npm registry and arbitrary GitHub repositories.
  - Evidence: The command 'npx skills add <owner/repo@skill>' is used to fetch code from remote sources, and the skill references the external browse domain skills.sh.
- [REMOTE_CODE_EXECUTION]: Facilitates the installation and potential execution of remote code from unverified third-party repositories.
  - Evidence: The skill provides instructions to run 'npx skills add' with the '-g' (global) and '-y' (yes) flags, which installs software globally and bypasses confirmation prompts, creating a direct vector for unverified code execution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via manipulated metadata in the search results from external registries.
  - Ingestion points: Results from the 'npx skills find' command (containing third-party skill names and descriptions) are processed and displayed by the agent.
  - Boundary markers: Absent; there are no instructions to wrap or isolate search result text before it is presented to the user or context.
  - Capability inventory: The agent has shell execution capabilities via the 'npx' command.
  - Sanitization: Absent; the agent is instructed to present skill information directly from the registry output without validation or filtering.
Audit Metadata