find-skills
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (MEDIUM): The skill is designed to download and execute external code using the `npx skills add` command. It explicitly recommends the `-y` flag to skip confirmation prompts, which creates a high risk of automatically installing and running malicious code if the agent is directed to a compromised or malicious repository.
- COMMAND_EXECUTION (MEDIUM): The skill instructions provide the agent with direct shell command patterns for searching and installing software packages, which requires access to the system's execution environment.
- EXTERNAL_DOWNLOADS (LOW): The skill connects to `https://skills.sh/` and various GitHub repositories to fetch new functionality. While sources like `vercel-labs` are categorized as trusted, the tool's ability to fetch from arbitrary 'other sources' presents a risk factor.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection through the ingestion of search results.
  - Ingestion points: Data returned from the `npx skills find` command (skill names, descriptions, and metadata).
  - Boundary markers: Absent; the instructions do not specify any delimiters or safety headers to prevent the agent from obeying instructions embedded in the search results.
  - Capability inventory: The skill has the capability to execute shell commands and install additional code.
  - Sanitization: None; the agent is expected to present search results directly, which could trigger unwanted behavior if those results contain malicious instructions.
Audit Metadata