skills/linct96/ai/find-skills/Gen Agent Trust Hub

find-skills

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands via the Node Package Runner (npx). It uses npx skills find to search and npx skills add to install packages.
  • [EXTERNAL_DOWNLOADS]: The core functionality involves downloading modular packages from external sources, primarily GitHub repositories, to extend agent capabilities.
  • [REMOTE_CODE_EXECUTION]: The npx skills add <owner/repo@skill> command installs and potentially executes code from third-party repositories. While it mentions trusted sources like Vercel Labs, it also allows installation from any GitHub user, which poses a risk of executing malicious scripts or binaries.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data from the search results of the find command (sourced from the skills.sh registry). These results are then presented to the agent, which could be manipulated into executing malicious installation commands if the search metadata contains instructional overrides.
  • [PERSISTENCE]: The use of the -g (global) flag in the installation command (npx skills add <package> -g) suggests changes that persist across the user's environment, potentially allowing installed malicious skills to maintain access or influence.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 09:40 AM