find-skills
Warn
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the
npx skillscommand to search for and download software packages from external repositories.\n- [REMOTE_CODE_EXECUTION]: The skill instructions promote the use of thenpx skills add <package> -ycommand, which installs and enables external code to run on the system without manual confirmation of the source or safety.\n- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands to find and install functional extensions, interacting directly with the system's runtime environment.\n- [PROMPT_INJECTION]: The skill possesses a vulnerability to indirect prompt injection because it processes unvalidated data from search results.\n - Ingestion points: Output from search queries performed via the skills CLI is processed by the agent as described in
SKILL.md.\n - Boundary markers: No explicit instructions or boundary markers are provided to the agent to treat search result content as untrusted or to ignore embedded directives.\n
- Capability inventory: The skill allows the agent to perform command execution and code installation as seen in
SKILL.md.\n - Sanitization: There is no filtering or sanitization of content retrieved from the search process.
Audit Metadata