find-skills

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the npx skills CLI tool to perform operations such as searching (find), checking for updates (check), and managing global installations.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the discovery and downloading of external code packages from GitHub and the skills.sh ecosystem.
  • [REMOTE_CODE_EXECUTION]: The skill provides the agent with instructions to install third-party code from remote sources. It explicitly directs the agent to include the -y flag (npx skills add <package> -g -y) to skip user confirmation prompts, which enables the non-interactive installation and execution of arbitrary code in the user's environment.
  • [PROMPT_INJECTION]: The skill ingests data from a remote registry via search results. This presents an indirect prompt injection surface where a malicious package could use deceptive metadata or manipulated reputation statistics (install counts) to influence the agent's decision to recommend or install malicious software.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 29, 2026, 05:57 AM