find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill provides instructions to run `npx skills add <owner/repo@skill> -g -y`, which downloads and executes code from arbitrary GitHub repositories.
  - Evidence: The `-y` flag explicitly skips confirmation prompts, enabling silent execution of remote code.
  - Evidence: Use of `npx` dynamically fetches and executes the `skills` package from the npm registry.
- [COMMAND_EXECUTION] (HIGH): The skill grants the agent the ability to execute shell commands to manage system-wide software installations.
  - Evidence: Detailed instructions for `npx skills find` and `npx skills add` in `SKILL.md` encourage the agent to execute subprocesses based on external input.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill facilitates downloading packages from unverified external sources. While it mentions a trusted repository (`vercel-labs/agent-skills`), the command structure allows any GitHub user/repo to be targeted.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it processes and acts upon untrusted data from an external registry.
  - Ingestion points: Search results from `npx skills find [query]` (sourced from `skills.sh`).
  - Boundary markers: Absent; search results are presented and processed as natural language instructions for the agent.
  - Capability inventory: Shell execution (`npx skills add`) and environment modification.
  - Sanitization: Absent; the agent is instructed to present findings and offer installation without verifying the content of the search results.
Recommendations
- AI detected serious security threats
Audit Metadata