The Agent Skills Directory

REMOTE_CODE_EXECUTION (MEDIUM): The skill's primary function is to execute npx skills add <package>, which downloads and installs external code into the agent's environment.
Evidence: The instruction npx skills add <owner/repo@skill> -g -y allows the agent to install global packages from arbitrary GitHub repositories while explicitly skipping confirmation prompts (-y).
Context: While this is the intended purpose of the skill, the lack of a mandatory manual review step for non-trusted repositories poses a risk if the agent is manipulated into installing a malicious package.
COMMAND_EXECUTION (MEDIUM): The skill relies on shell command execution to perform its tasks.
Evidence: Use of npx skills find, npx skills check, and npx skills update in the skill body.
EXTERNAL_DOWNLOADS (LOW): The skill interacts with external registries and repositories.
Evidence: References to https://skills.sh/ and various GitHub repositories.
Trust Scope: References to vercel-labs/agent-skills are considered trusted per the security policy, which downgrades those specific findings, but the general capability to install from any user/repo remains a concern.
INDIRECT_PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection from the metadata of skills it searches for.
Ingestion points: The output of the npx skills find command is processed by the agent to present options to the user.
Boundary markers: None are specified; the agent is simply told to "present options."
Capability inventory: The agent has the capability to write to the file system and execute code via the add command.
Sanitization: No sanitization or validation of the search results is described before they are processed by the LLM.

find-skills