find-skills
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a bridge to the open agent skills ecosystem, using the `npx skills` package manager to extend agent capabilities.
- [COMMAND_EXECUTION]: The skill provides instructions for running command-line tools such as `npx skills find`, `npx skills add`, and `npx skills update`. These are standard operations for the described ecosystem and do not involve unauthorized privilege escalation.
- [EXTERNAL_DOWNLOADS]: It facilitates the installation of skills from external sources like GitHub. The documentation specifically highlights trusted sources such as `vercel-labs/agent-skills` and well-known services like `skills.sh`.
- [INDIRECT_PROMPT_INJECTION]: The skill retrieves and displays search results from an external database (`skills.sh`). While this represents a surface for indirect prompt injection from third-party skill metadata, the risk is low and inherent to the functionality of a discovery tool.
Audit Metadata