find-skills

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill guides the agent to execute shell commands using the npx utility to invoke the skills CLI for searching, checking updates, and modifying the environment.
  • [REMOTE_CODE_EXECUTION]: It leverages npx skills add to download and install executable code from external sources like GitHub. The instructions encourage the use of the -y flag to automate installation by bypassing interactive confirmation prompts.
  • [EXTERNAL_DOWNLOADS]: The skill references the skills.sh registry and GitHub for retrieving package metadata and code. These interactions are associated with the tool's primary purpose of package management.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists because the agent processes results from the npx skills find command, and those results contain untrusted external data.
      • Ingestion points: Search results from the external skills CLI tool.
      • Boundary markers: None provided in the instruction set to delimit search results.
      • Capability inventory: The agent can perform shell execution and install new code packages.
      • Sanitization: No validation or escaping of external search result content is described before presentation or action.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 05:48 AM