find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill utilizes 'npx skills add -g -y' which downloads and executes arbitrary code from the internet (GitHub or other sources) on the host system. The use of the '-y' flag bypasses user confirmation, allowing for silent installation of potentially malicious software.
- PROMPT_INJECTION (HIGH): Vulnerable to Indirect Prompt Injection (Category 8) due to the interaction with an external registry.
  - Ingestion points: Search results retrieved from the external registry at https://skills.sh/ via the 'npx skills find' command.
  - Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the search output.
  - Capability inventory: Possesses high-impact capabilities including 'npx skills add' (code installation/execution) and shell command execution.
  - Sanitization: Absent; the agent is instructed to present search results and execute install commands without validation of the source or content.
- COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to execute shell commands ('npx skills find', 'npx skills add', 'npx skills check') directly, which could be exploited if queries or package names are manipulated.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill refers to untrusted external sources like 'ComposioHQ/awesome-claude-skills' and the 'skills.sh' registry, which are not included in the Trusted External Sources list. While 'vercel-labs/agent-skills' is trusted, the mechanism allows for arbitrary source installation.
Recommendations
- AI detected serious security threats
Audit Metadata