skill-finder

Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill is designed to search and download content (SKILL.md files and associated repositories) from arbitrary, unverified GitHub repositories. This behavior is documented in SKILL.md (Phase 3) and references/search-strategies.md.
  • [REMOTE_CODE_EXECUTION]: The references/installation-workflow.md file contains explicit instructions to download and execute setup.sh from discovered repositories: (cd "$dest_dir" && bash setup.sh). Executing unvetted shell scripts from the internet is a major security risk.
  • [REMOTE_CODE_EXECUTION]: The skill automates the installation of dependencies via npm install and pip install -r requirements.txt for downloaded skills. This provides an additional vector for arbitrary code execution via malicious post-install scripts in npm packages or setup scripts in Python packages.
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell commands and the GitHub CLI (gh) to interact with remote repositories, including recursive tree traversal, cloning repositories (gh repo clone), and file manipulation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 7, 2026, 12:09 AM