find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill provides explicit instructions to install and execute third-party code via 'npx skills add'. The use of the '-y' flag in Step 4 is a critical security risk as it bypasses user confirmation, enabling the agent to install arbitrary code without human oversight. The '-g' flag increases the potential impact by installing packages globally at the system level.
- [COMMAND_EXECUTION] (HIGH): The skill relies on shell command execution for its core functionality, constructing 'npx' commands from user-influenced search queries and package identifiers.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill facilitates downloading code from arbitrary external sources like GitHub. While it mentions some reputable organizations, the mechanism allows for the installation of code from any untrusted repository.
- [PROMPT_INJECTION] (HIGH): The skill creates an indirect prompt injection surface (Category 8). It ingests untrusted metadata from an external package ecosystem and possesses the high-privilege capability to execute code based on that data. This could allow a malicious actor to poison search results to trick the agent into installing a malicious payload.
Recommendations
- AI detected serious security threats
Audit Metadata