find-skills
Fail
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill facilitates the discovery and installation of third-party code from GitHub using the npx skills add command. Since these 'skills' are modular packages that extend agent capabilities with tools and scripts, this represents a remote code execution vector.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch content from GitHub repositories and the skills.sh domain. While it mentions well-known organizations like Vercel, the mechanism supports installation from any arbitrary GitHub account.
- [COMMAND_EXECUTION]: The instructions direct the agent to execute shell commands using npx, specifically npx skills find for discovery and npx skills add for installation.
- [PRIVILEGE_ESCALATION]: The skill explicitly instructs the agent to use the -y flag when installing packages (e.g., npx skills add <package> -g -y). This flag suppresses interactive confirmation prompts, allowing the agent to install external software automatically without a manual 'yes/no' approval step from the user.
- [INDIRECT_PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing and displaying untrusted data from an external ecosystem.
  - Ingestion points: Data enters the agent's context through the output of the npx skills find command (SKILL.md).
  - Boundary markers: No delimiters or warnings are used to isolate search results from the agent's instructions.
  - Capability inventory: The agent has the capability to execute shell commands and install software based on the ingested data.
  - Sanitization: There is no evidence of validating or sanitizing the search results before they are presented or acted upon.
Recommendations
- AI detected serious security threats
Audit Metadata