find-skills

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill provides instructions to execute npx skills add <package> -g -y. This command downloads and installs code from remote sources. The use of the -y flag is particularly dangerous as it programmatically bypasses user confirmation, allowing the installation and subsequent execution of potentially malicious code without oversight.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill is designed to fetch and install modular packages ('skills') from the internet, specifically targeting GitHub repositories. While it mentions some trusted sources, it encourages users to find and install from any source returned by the search tool, which could include attacker-controlled repositories.
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies on executing shell commands (npx skills find, npx skills add) to perform its primary functions. While the commands themselves are part of the 'Skills CLI', their use to modify the environment by adding new executable capabilities is a high-privilege operation.
  • [PROMPT_INJECTION] (HIGH): This skill exhibits a significant Indirect Prompt Injection surface (Category 8).
      ◦ Ingestion points: Data enters the agent context via the results of the npx skills find [query] command and content from https://skills.sh/.
      ◦ Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present in the provided instructions for handling search results.
      ◦ Capability inventory: The skill has the capability to execute shell commands and install software (npx skills add).
      ◦ Sanitization: There is no evidence of sanitization or validation of the search results before they are presented to the user or used in installation commands. An attacker who poisons a skill description in the registry could influence the agent's behavior or trick it into executing malicious installation commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:20 AM