fd-find
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE] (SAFE): The skill provides documentation for 'fd', a reputable open-source file finder. No malicious scripts or payloads are included in the skill package.
- [EXTERNAL_DOWNLOADS] (LOW): The skill suggests installation via 'brew' and 'apt' for the 'fd' package from the 'sharkdp/fd' repository. While not on the explicit trusted organization list, these are standard package manager sources for a widely-used utility.
- [PROMPT_INJECTION] (LOW): As a file-finding tool that can execute commands on results, it presents an indirect prompt injection surface.
- Ingestion points: Filenames and directory paths from the local filesystem.
- Boundary markers: None identified in documentation examples.
- Capability inventory: Support for arbitrary command execution on found items via -x and -X flags.
- Sanitization: None described in the documentation, though the utility itself handles many filesystem edge cases safely.
Audit Metadata