find-skills
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill allows the agent to download and install third-party packages from GitHub using the 'npx skills add' command. The instruction to use the '-y' flag (skipping confirmation) and '-g' (global installation) significantly increases the risk of installing malicious software without human oversight.
- REMOTE_CODE_EXECUTION (MEDIUM): Installing and running skills from arbitrary GitHub repositories constitutes remote code execution. Although the skill is intended for capability extension, it lacks a verification mechanism for the safety of the packages it installs at runtime.
- COMMAND_EXECUTION (MEDIUM): The skill relies on the direct execution of shell commands such as 'npx skills find' and 'npx skills add'. This capability, combined with automated installation instructions, poses a risk of unauthorized system-wide modifications.
- EXTERNAL_DOWNLOADS (LOW): References to 'vercel-labs/agent-skills' involve a trusted source according to security policy, which downgrades the risk level for that specific repository.
- INDIRECT_PROMPT_INJECTION (LOW):
  - [1] Ingestion points: Data returned by the 'npx skills find' command output (skill names, descriptions, and metadata).
  - [2] Boundary markers: The skill lacks delimiters or explicit warnings to ignore instructions that might be embedded in the search results.
  - [3] Capability inventory: The agent is authorized to perform network searches and software installations.
  - [4] Sanitization: No validation or sanitization is performed on search outputs before interpreting them as safe options for installation.