find-skills
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute system commands using `npx` to interact with the `skills` CLI, including subcommands for finding and adding packages.
- [REMOTE_CODE_EXECUTION]: The skill directs the agent to install external packages via `npx skills add <package> -g -y`. This pattern facilitates the download and execution of arbitrary code from remote repositories. The use of the `-y` flag is particularly risky as it skips user confirmation prompts, allowing for automated installation of potentially malicious software.
- [EXTERNAL_DOWNLOADS]: The skill references and facilitates downloads from the `skills.sh` registry and GitHub-hosted repositories, including resources from Vercel Labs.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection where malicious instructions could be embedded in the metadata of skills returned by the `find` command.
  1. Ingestion points: Results from the `npx skills find [query]` command.
  2. Boundary markers: There are no instructions or delimiters to isolate or ignore potentially malicious content within search results.
  3. Capability inventory: The agent has the ability to execute shell commands and install software.
  4. Sanitization: No sanitization of the external search results is performed before the agent presents them to the user or acts upon them.
Audit Metadata