find-skills
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill facilitates the installation and execution of remote code via the 'npx skills add' command. It explicitly instructs the agent to use the '-y' flag to skip confirmation prompts and the '-g' flag for global installation, which allows for the silent execution of potentially malicious code.
- [EXTERNAL_DOWNLOADS]: The skill promotes downloading packages from arbitrary GitHub repositories. While it mentions trusted sources, the general instructions allow any user-specified or search-discovered repository to be installed.
- [COMMAND_EXECUTION]: The skill directs the agent to run shell commands ('npx skills') using dynamically generated queries from user input, which could lead to command injection if queries are not properly sanitized.
- [PROMPT_INJECTION]: This skill possesses an indirect prompt injection surface as it ingests and processes data from external search results. Ingestion points: results from 'npx skills find' output (SKILL.md). Boundary markers: None. Capability inventory: shell execution via npx. Sanitization: None detected. If a malicious skill is listed in the search output, its metadata could contain instructions that influence the agent's behavior.
Recommendations
- AI detected serious security threats