find-skills

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • Remote Code Execution (HIGH): The core functionality of the skill is to download and execute code from remote sources using the pnpm dlx skills add command. The instructions explicitly recommend using the -y or --yes flag to skip interactive confirmation prompts (e.g., in SKILL.md and references/discovery-guide.md). This allows an agent to install arbitrary software from untrusted repositories (such as the suggested oakoss/agent-skills) without human oversight.
  • Indirect Prompt Injection (LOW): The scripts/enrich_find.js script fetches HTML content from skills.sh and agent-skills.md to provide skill descriptions. This content is processed and presented to the AI agent without being sanitized for malicious instructions.
    • Ingestion points: scripts/enrich_find.js via https.get, fetching from skills.sh and agent-skills.md.
    • Boundary markers: Absent; fetched descriptions are printed directly to the console output.
    • Capability inventory: The agent has the capability to execute commands and install persistent code via the skills CLI.
    • Sanitization: Minimal; the script strips HTML tags but does not filter for embedded natural-language instructions.
  • Command Execution (MEDIUM): The scripts/enrich_find.js script uses child_process.execFileSync to execute the pnpm CLI. While execFileSync is generally safer than exec with respect to shell injection, the script dynamically passes user-provided search queries as arguments to a remote package execution command (pnpm dlx).
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 20, 2026, 08:39 PM