find-skills
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill facilitates the installation and execution of remote code through the 'npx skills add' command.
  - Evidence: Explicit instructions in Step 4 to run 'npx skills add owner/repo@skill -g -y'.
  - Risk: The '-y' flag bypasses confirmation prompts, creating a silent path for remote code execution. While 'vercel-labs/agent-skills' is a trusted source, the skill's search-and-install nature allows it to target any arbitrary repository.
- [Indirect Prompt Injection] (HIGH): The skill exposes a high-risk attack surface because it ingests untrusted search results from an external ecosystem and possesses the capability to execute them.
  - Ingestion points: Search results and package metadata from the 'npx skills find' command.
  - Boundary markers: Absent; the agent is not instructed to treat search descriptions as untrusted data.
  - Capability inventory: Full shell execution for package installation ('npx skills add').
  - Sanitization: None; the agent passes search results directly into installation commands.
- [Privilege Escalation] (MEDIUM): The instruction to use the '-g' (global) flag for installations increases the blast radius of any malicious package by applying changes at the system or user level rather than within a restricted local directory.
Recommendations
- AI detected serious security threats
Audit Metadata