find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill is designed to fetch and execute third-party code through the Skills CLI and npx. Its instructions direct the agent to pass the -y flag during installation, which suppresses the confirmation prompt and lets untrusted scripts run silently, with no point at which a human can inspect what is about to execute.
- EXTERNAL_DOWNLOADS (HIGH): The skill uses the Bash tool to run npx commands that download packages from the open npm ecosystem. This is a supply-chain risk: a malicious package, or a legitimate one whose maintainer account is compromised, could be pulled into the agent's environment and executed.
- COMMAND_EXECUTION (MEDIUM): The skill relies on the Bash tool for its core functions, including searching for and adding new skills, which means shell commands are assembled from potentially untrusted skill metadata and run in the agent's environment.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8).
  1. Ingestion points: the output of npx skills find (sourced from skills.sh) is ingested into the agent's context.
  2. Boundary markers: none are present in the prompt to separate search results from instructions.
  3. Capability inventory: Bash, WebFetch, and the ability to install further executable code.
  4. Sanitization: no sanitization is applied to incoming skill descriptions or metadata, so an attacker can publish a skill whose description, once it appears in search results, reads as instructions to the agent, and the agent can act on them with the capabilities above (including installing the attacker's package with -y).
Recommendations
- AI detected serious security threats
Audit Metadata