find-skills
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill allows the agent to download and install packages from GitHub using `npx skills add <owner/repo>`. While GitHub is a common source, the ability to pull from arbitrary, non-vetted repositories represents an external code dependency risk.
- [COMMAND_EXECUTION] (MEDIUM): The skill explicitly instructs the agent to run shell commands like `npx skills add <package> -g -y`. The `-y` flag is particularly risky as it bypasses user confirmation prompts during the installation process, allowing for silent code execution.
- [REMOTE_CODE_EXECUTION] (MEDIUM): By design, this skill installs and potentially executes code from remote sources. The automated installation of external packages without a manual verification step (due to the `-y` flag) is a high-risk capability, though it is the primary purpose of this specific skill.
- [INDIRECT_PROMPT_INJECTION] (LOW):
  - Ingestion points: The agent ingests search results from the `npx skills find` command (metadata/descriptions of external skills).
  - Boundary markers: Absent; the instructions don't specify how to handle malicious content in skill descriptions.
  - Capability inventory: The skill can execute command-line installation via `npx`.
  - Sanitization: None; the agent is expected to present finding details directly to the user.
  - Risk: Malicious skill metadata in a public registry could potentially contain instructions to trick the agent into performing unauthorized installations.
Audit Metadata