unified-find-skills
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interpolates user-provided search terms directly into shell commands (e.g., `npx skills find [query]` and `clawhub search "[query]"`) without escaping or validation. This allows a user to execute arbitrary commands by crafting a search query containing shell metacharacters. It also suggests using the `-g` flag for global installations, which may involve elevated privileges.
- [REMOTE_CODE_EXECUTION]: The skill's primary purpose is to install and execute code from third-party registries such as skills.sh, clawhub.com, and tessl.io. It specifically encourages installation methods like `npx skills add <owner/repo@skill>` and `tessl install github:user/repo` which execute code from arbitrary GitHub repositories.
- [EXTERNAL_DOWNLOADS]: The skill uses `curl` to fetch content from `tessl.io` and `npm` to install global CLI tools. While functional, this involves downloading and executing content from external servers at runtime.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes and displays output from external registries that may contain malicious instructions.
  - Ingestion points: Output from searches on skills.sh, clawhub, and tessl.io ingested into the agent context via `SKILL.md`.
  - Boundary markers: None; results from external sources are presented without delimiters or instructions to ignore embedded prompts.
  - Capability inventory: Shell command execution, package installation, and network access (curl) as defined in `SKILL.md`.
  - Sanitization: There is no evidence of validation or filtering for content retrieved from external registries.
Audit Metadata