find-skills
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run shell commands using `npx`, specifically `npx skills find`, `npx skills add`, and `npx skills init` to manage external capabilities.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of external code from GitHub and other repositories via the `npx skills add` command.
- [REMOTE_CODE_EXECUTION]: The use of `npx skills add <owner/repo@skill> -g -y` allows for the automated installation and potential execution of remote code. The `-y` flag is used to skip user confirmation prompts, which increases the risk of executing malicious content if the agent selects an untrusted or typosquatted repository during the discovery process.
- [PROMPT_INJECTION]: The skill exposes an indirect injection surface by processing and acting upon untrusted data from an external registry.
  - Ingestion points: Results from the `npx skills find [query]` command, which includes package names and descriptions from a public registry, are ingested into the agent context.
  - Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the search results before they are displayed or used for further actions.
  - Capability inventory: The agent has the capability to execute shell commands (`npx`) and install remote code based on these search results.
  - Sanitization: There is no evidence of sanitization or validation of the external content retrieved from the `skills.sh` registry or GitHub descriptions.
Audit Metadata