find-skills

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the npx skills command-line utility to search for and install new functionality.
  • [EXTERNAL_DOWNLOADS]: It facilitates the download of third-party modular skills from GitHub and other repositories. It identifies vercel-labs/agent-skills as a trusted source for performance guidelines.
  • [REMOTE_CODE_EXECUTION]: The skill installs and executes external code via the npx package runner, using automated flags to skip user confirmation.
  • [PROMPT_INJECTION]: There is a potential for indirect prompt injection via search results from the skills registry.
    • Ingestion points: Data returned from npx skills find.
    • Boundary markers: Absent from the command execution flow.
    • Capability inventory: The agent can perform CLI execution and software installation.
    • Sanitization: No validation or filtering of registry-provided text is documented.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 03:33 PM