find-skills-scoped
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (HIGH): The skill's primary function is to execute
npx skills add <package>, which downloads and installs external code into the agent's environment. This provides a mechanism for executing arbitrary third-party code.\n- External Downloads (HIGH): The skill relies on fetching packages from the internet without a technical whitelist or verification mechanism for the sources, relying entirely on the 'npx skills' registry.\n- Indirect Prompt Injection (HIGH): The skill processes data from an external registry which could contain malicious instructions.\n - Ingestion points: Output from the
npx skills findcommand (package names/descriptions) enters the agent's context.\n - Boundary markers: Absent. No delimiters are used to wrap search results to prevent them from being interpreted as instructions.\n
- Capability inventory: The agent has the power to run shell commands and modify its own skill-set/capabilities.\n
- Sanitization: None. The agent is instructed to present options to the user and offer to install them, which can be manipulated by malicious package metadata.\n- Command Execution (MEDIUM): The skill involves frequent shell interaction (
npx), which increases the risk of command injection if package names or queries are not properly handled.
Recommendations
- AI detected serious security threats
Audit Metadata