find-skills
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the `npx skills` command-line utility to search for, install, and update agent capabilities.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of remote code from GitHub and other repositories via the `npx skills add` command. The documentation suggests the use of the `-y` flag, which bypasses user confirmation prompts, potentially leading to the execution of unverified third-party code. It mentions well-known sources such as the Vercel Labs repository as examples of safe locations for finding skills.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from external data sources.
  - Ingestion points: The agent processes and presents data returned from the `npx skills find` command, which includes package descriptions and metadata from untrusted external sources.
  - Boundary markers: No delimiters or safety instructions are provided to help the agent distinguish between search results and its own system instructions.
  - Capability inventory: The agent has the capability to execute shell commands and install remote code packages on the host system.
  - Sanitization: The skill does not implement any validation, filtering, or sanitization of search results before they are presented to the user or used as parameters for installation commands.
Audit Metadata