find-skills-plus

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill uses npx skills, which triggers the download and execution of packages from the npm registry at runtime. The 'skills' package is not from a trusted source, creating a risk of malicious package execution.
  • [REMOTE_CODE_EXECUTION] (HIGH): Running npx at runtime amounts to remote code execution, because the tool's logic is pulled from the remote npm registry instead of being statically contained within the skill.
  • [COMMAND_EXECUTION] (MEDIUM): The command node scripts/enrich_find.js "<query>" passes a user-provided string directly into a shell environment. This creates a risk of command injection if the underlying script performs unsafe string concatenation when calling npx.
  • [PROMPT_INJECTION] (HIGH): This skill presents an Indirect Prompt Injection surface by fetching and displaying external content (Category 8).
      • Ingestion points: Content is scraped from pages on skills.sh via the enrich_find.js script.
      • Boundary markers: Absent; the description is extracted and printed directly into the output format without delimiters.
      • Capability inventory: The skill possesses network access and the ability to execute system commands via npx.
      • Sanitization: No sanitization is mentioned or evident, meaning malicious instructions in a skill's description could be parsed and obeyed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:28 AM