skills-discovery
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill uses
npx skills-installerto install external packages. Usingnpxwithout a fixed version or hash is an unverifiable dependency pattern. Furthermore, the skills being installed are themselves executable content, creating a path for remote code execution. This is the primary purpose of the skill, hence the severity is maintained at MEDIUM. - Data Exposure & Exfiltration (LOW): The skill performs network requests to
claude-plugins.devusingcurl. This domain is not included in the trusted source whitelist. While the traffic appears limited to search queries, it establishes an outbound connection to an external service not explicitly trusted by the safety framework. - Indirect Prompt Injection (LOW): The skill processes data from an external API which is then presented to the agent. Ingestion points: API response data in the 'Discovery workflow'. Boundary markers: Absent in the search and presentation logic. Capability inventory: Includes shell execution (
npx,curl). Sanitization: No evidence of sanitization for the 'description' or 'name' fields returned by the registry, which could be used to inject instructions to the agent during the selection process. - Command Execution (LOW): The skill documentation provides several shell commands for the agent to execute, including
npxandcurl, which are used to interact with the external registry and modify the local environment.
Audit Metadata