find-skills
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses the npx skills CLI to perform searches and manage package installations.
- [EXTERNAL_DOWNLOADS]: Fetches skill definitions and packages from the skills.sh registry and various GitHub repositories, including Vercel Labs' public repository.
- [REMOTE_CODE_EXECUTION]: The npx skills add command is used to download and install executable code. The skill instructions suggest using the -y flag to skip installation confirmation, which could facilitate the silent execution of third-party code.
- [PROMPT_INJECTION]: The skill processes external search results from the CLI, creating a surface for indirect prompt injection.
  - Ingestion points: Search results from the npx skills find command (SKILL.md).
  - Boundary markers: Absent; there are no instructions to the agent to validate or sanitize content returned from external searches.
  - Capability inventory: The agent has the ability to write files and execute shell commands (npx skills add) based on the untrusted search output (SKILL.md).
  - Sanitization: Absent; search results are used directly for presentation or installation without filtering.
Audit Metadata