find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the agent to download and install packages from arbitrary GitHub repositories via the `npx skills add` command. While it mentions trusted sources like `vercel-labs`, it also permits installation from any `<owner/repo>`, posing a significant supply chain risk.
- REMOTE_CODE_EXECUTION (HIGH): The skill recommends using the `-y` flag with `npx skills add`, which skips confirmation prompts. This allows the agent to automatically execute remote code without human review, creating a direct path for malicious software to compromise the environment.
- COMMAND_EXECUTION (MEDIUM): The skill relies on shell command execution (`npx`) to perform its core functions. Untrusted input from search results could potentially be used to manipulate these commands.
- INDIRECT_PROMPT_INJECTION (HIGH): This skill exhibits a high vulnerability to indirect prompt injection.
  - Ingestion points: Data returned from the search command `npx skills find` and the contents of external GitHub repositories (SKILL.md files).
  - Boundary markers: None present to distinguish search results or external repo content from trusted instructions.
  - Capability inventory: System-wide package installation (`-g`) and code execution via `npx`.
  - Sanitization: No evidence of sanitization for the data ingested from external sources.
Recommendations
- AI detected serious security threats
Audit Metadata