find-skills
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands (`npx skills find` and `npx skills add`) based on user-provided queries and package names.
- [REMOTE_CODE_EXECUTION]: The `npx skills add <package>` command downloads and installs external 'skills' from remote GitHub repositories. This allows for the execution of untrusted third-party code on the host system. The use of the `-y` flag (skip confirmation) and `-g` flag (global installation) increases the risk of automatic execution of malicious code if a user is social-engineered into installing a specific package.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the retrieval of external packages, templates, and workflows from GitHub and the `skills.sh` registry.
- [COMMAND_EXECUTION]: User input is interpolated directly into shell commands (`npx skills find [query]`). The absence of explicit sanitization or shell escaping for the `[query]` parameter introduces a command injection vulnerability where a user could supply shell metacharacters (e.g., `;`, `&&`, `|`) to execute arbitrary commands.
- [PROMPT_INJECTION]: The skill processes untrusted data from external sources (skill names and descriptions returned by the search command). This represents an indirect prompt injection surface where a malicious skill description could influence the agent's subsequent actions.
Audit Metadata