discover-skills
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Flags: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides templates for npx commands (e.g., npx skills add owner/repo) which download and execute code from remote repositories.
- [PROMPT_INJECTION]: The skill processes untrusted external data which could lead to indirect prompt injection.
  1. Ingestion points: Reads from local skills/INDEX.md, manifest.json, and public catalogs.
  2. Boundary markers: Lacks explicit delimiters or instructions to ignore embedded commands in the source data.
  3. Capability inventory: Generates commands that the agent or user is encouraged to execute.
  4. Sanitization: No validation or filtering of catalog descriptions or metadata is performed.
- [EXTERNAL_DOWNLOADS]: The skill logic includes fetching information from public skill catalogs when local indexes do not provide a match.
Audit Metadata