find-skills
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the `npx skills` tool, performing shell commands based on search queries and package names.
- [REMOTE_CODE_EXECUTION]: The `add` command installs external skills from GitHub or other sources, which can include executable code.
- [EXTERNAL_DOWNLOADS]: The skill fetches metadata and packages from the `skills.sh` registry and GitHub repositories. References to trusted organizations such as `vercel-labs` are included in the documentation.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface.
  - Ingestion points: Search results from the `npx skills find` command as documented in `SKILL.md`.
  - Boundary markers: No delimiters or specific warnings are used to prevent the agent from potentially obeying instructions embedded in retrieved skill descriptions.
  - Capability inventory: The agent can execute shell commands and install or update software via the `npx skills` CLI.
  - Sanitization: No validation or filtering is performed on the externally-retrieved skill metadata before it is processed or presented to the user.