find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes 'npx @juanibiapina/skulls add' to download and execute arbitrary code. The '@juanibiapina' package and the associated 'skills.sh' registry are not within the trusted scope rules.
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection. The skill ingests untrusted data from the external 'skills.sh' registry during the discovery process. Maliciously crafted skill names or descriptions could contain instructions to hijack the agent or trick it into installing malicious packages. Mandatory Evidence Chain:
  1. Ingestion: 'find' command output from 'skills.sh'.
  2. Boundaries: Absent.
  3. Capability: Subprocess execution via 'npx' and 'add' command.
  4. Sanitization: None.
- [COMMAND_EXECUTION] (HIGH): The skill grants the agent the capability to execute shell commands using the 'npx' utility to manage system-level skill installations.
Recommendations
- AI detected serious security threats
Audit Metadata