find-skills
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Utilizes the npx skills command-line utility to search for, add, and update agent skills. This is the core functionality intended for managing modular agent extensions.
- [EXTERNAL_DOWNLOADS]: Orchestrates the installation of external packages from sources like GitHub via the npx skills add command. The skill specifically highlights trusted repositories from the Vercel Labs organization as primary sources.
- [PROMPT_INJECTION]: Contains an indirect prompt injection surface (Category 8) by processing user-provided queries and external search results.
- Ingestion points: User-provided task descriptions and CLI search results processed in the SKILL.md file.
- Boundary markers: Not present in the command templates.
- Capability inventory: Includes the ability to execute package installation commands via npx skills add.
- Sanitization: No sanitization or verification steps are defined before executing the install commands.
Audit Metadata