skillmarketplace
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The search_skills tool defaults to auto-installing skills from external indices like skills.sh using npx, which could lead to the execution of untrusted code.
- [COMMAND_EXECUTION]: The skill utilizes shell commands including npx, curl, and python3. The publishing process specifically uses Python to recursively read local directory contents.
- [DATA_EXFILTRATION]: The publishing workflow transmits the contents of local directories to an external gateway (https://skills-market-gateway.fly.dev), posing a risk of exposing sensitive data such as credentials or environment variables if used on sensitive paths.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from external search results, which could trick the agent into installing malicious skills.
Audit Metadata