find-skills
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute various shell commands using 'pnpx', including 'pnpx skills find', 'pnpx skills add', 'pnpx skills check', and 'pnpx skills update'.
- [EXTERNAL_DOWNLOADS]: The 'skills add' command is used to download and install packages from external sources, primarily GitHub repositories. While the skill suggests trusted repositories like 'vercel-labs/agent-skills', it allows for the installation of arbitrary packages provided as 'owner/repo@skill'.
- [REMOTE_CODE_EXECUTION]: By design, this skill facilitates the installation and subsequent execution of remote code. It specifically instructs the agent to use the '-y' flag with 'pnpx skills add', which bypasses confirmation prompts and automatically installs the third-party software.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect injection as it ingests and executes content from external, third-party repositories.
  - Ingestion points: Remote skill packages and configurations downloaded via 'pnpx skills add' from various GitHub repositories.
  - Boundary markers: No boundary markers or 'ignore' instructions are implemented to prevent the agent from obeying malicious instructions embedded within the installed skills.
  - Capability inventory: The agent has the capability to execute CLI commands and modify the local project environment through the 'skills' CLI.
  - Sanitization: There is no evidence of validation or sanitization of the remote skill's content before it is installed and integrated into the agent's workflow.
Audit Metadata