find-skills
Warn
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for downloading and installing external packages from GitHub and other remote sources using the
pnpx skills addcommand. This is documented inSKILL.mdunder Step 4:pnpx skills add <owner/repo@skill> -y.- [REMOTE_CODE_EXECUTION]: The installation process for new skills involves fetching and executing code from external repositories, which grants third-party code the ability to run within the agent's environment. The skill describes the Skills CLI as a package manager that installs modular packages from the open agent skills ecosystem.- [COMMAND_EXECUTION]: The skill utilizes thepnpxcommand-line utility to perform searches, updates, and installations, which involves executing shell commands with potentially variable arguments. Commands such aspnpx skills find [query],pnpx skills add <package>, andpnpx skills updateare present throughoutSKILL.md.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via its dependency on an external registry. 1. Ingestion points: External search results fromskills.shvia thepnpx skills findcommand. 2. Boundary markers: No explicit boundary markers or warnings about ignoring instructions within skill packages are provided. 3. Capability inventory: The skill can execute shell commands (pnpx), download external code, and perform local installations. 4. Sanitization: No sanitization or verification of the fetched skill metadata or package contents is described before presentation or installation.
Audit Metadata