find-skills
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill's primary purpose is to download and install external code from the internet using `npx skills add`. While the CLI itself and specific repositories like `vercel-labs/agent-skills` are from trusted organizations, the skill encourages users to install from any arbitrary 'owner/repo' or URL.
- REMOTE_CODE_EXECUTION (MEDIUM): Installing 'agent skills' involves downloading executable instructions, scripts, or configurations that an AI agent will subsequently load and run. This is functionally equivalent to remote code execution. Per [TRUST-SCOPE-RULE], references to `vercel-labs` and `anthropics` are LOW risk, but the general pattern of installing from unverified repositories remains MEDIUM.
- COMMAND_EXECUTION (LOW): The skill provides numerous examples of shell commands (`npx skills ...`) for the agent to execute. These are standard CLI operations but represent the mechanism through which the external code is fetched and managed.
- INDIRECT PROMPT INJECTION (LOW): There is a risk that a third-party skill found via `npx skills find` could contain malicious instructions designed to hijack the agent's behavior once installed. The skill provides 'Security review of skill sources' in its documentation, which is a necessary mitigation but does not eliminate the risk inherent in the capability.
Audit Metadata