find-skills
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill's primary function is to download and install external packages from various sources (GitHub, etc.) via the `npx skills add` command. While the documentation mentions trusted sources like `vercel-labs/agent-skills`, it allows for the installation of any package found via keyword search.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill promotes the use of `npx`, a tool that executes code from the npm registry or remote repositories. It specifically suggests the `-y` flag (e.g., `npx skills add <package> -g -y`) to skip confirmation prompts, which could lead to the unintended execution of malicious code if a user is tricked into installing a compromised skill.
- COMMAND_EXECUTION (MEDIUM): User-provided search queries are directly interpolated into shell commands (e.g., `npx skills find [query]`). This creates a surface for command injection if the underlying execution environment does not strictly sanitize the input string.
- INDIRECT_PROMPT_INJECTION (LOW): This skill exhibits a vulnerability surface to indirect prompt injection.
  - Ingestion points: Untrusted data enters via search queries and the textual output of the `npx skills find` command (SKILL.md).
  - Boundary markers: None present in the instructions to separate search results from system instructions.
  - Capability inventory: The skill utilizes `npx` for command execution and package installation.
  - Sanitization: No evidence of input sanitization or validation of the search results before presenting them to the user or executing installation commands.
Audit Metadata