find-skills
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (MEDIUM): The skill directs the agent to execute 'npx skills add', which downloads and potentially executes code from arbitrary GitHub repositories or external sources. Although the documentation references trusted sources like vercel-labs/agent-skills, the search functionality allows the agent to ingest and act upon results from any unvetted provider.
- COMMAND_EXECUTION (MEDIUM): The skill relies on shell command execution via the 'npx' utility to manage system state and install tools. The use of the '-y' flag is particularly risky as it skips user confirmation prompts, allowing for silent installations.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill's core functionality involves fetching remote packages. Without strict allowlisting or integrity verification (e.g., checksums) of the search results, the agent may be tricked into installing malicious packages.
- INDIRECT_PROMPT_INJECTION (LOW): This skill has a significant attack surface for indirect injection.
  - Ingestion points: Search results from 'npx skills find [query]' (SKILL.md).
  - Boundary markers: Absent; the agent is instructed to parse and present search results directly to the user.
  - Capability inventory: Shell command execution and package installation ('npx skills add').
  - Sanitization: Absent; no validation is performed on the package names or descriptions returned from the external registry.
Audit Metadata