find-skills
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill facilitates the installation of agent skills from external GitHub repositories using `npx skills add <owner/repo@skill>`. While the [TRUST-SCOPE-RULE] applies to the mention of `vercel-labs/agent-skills`, the general capability allows the agent to fetch code from any untrusted repository.
- REMOTE_CODE_EXECUTION (MEDIUM): Installation via `npx` involves executing remote code. The skill specifically recommends the `-y` flag (`npx skills add <package> -g -y`), which bypasses confirmation prompts, potentially allowing an attacker to trick the agent into installing and running malicious code automatically.
- COMMAND_EXECUTION (MEDIUM): The skill utilizes shell commands (`npx skills find`, `npx skills add`) to perform its primary functions. These commands are executed in the local environment and are driven by user-supplied parameters.
- PROMPT_INJECTION (LOW): This finding identifies an Indirect Prompt Injection surface (Category 8).
  - Ingestion points: User-provided search queries are interpolated into the `[query]` placeholder.
  - Boundary markers: None identified; queries are passed directly to the shell.
  - Capability inventory: Subprocess execution via `npx`.
  - Sanitization: None; the skill does not specify escaping or validation for the user query before shell execution.
Audit Metadata