skills-search

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using npx and the vendor-specific thinkfleet-hub CLI tool to search for, install, and verify skills.
  • [EXTERNAL_DOWNLOADS]: Uses npx to dynamically download and execute the @thesethrose/skills-search package and the skills CLI from the npm registry. It also connects to the official skills.sh API to retrieve registry data.
  • [DATA_EXPOSURE]: Accesses the local file system at ~/.thinkfleetbot/workspace/.agents/skills/. This access is confined to the application's own installation and workspace directory for verification purposes.
  • [PROMPT_INJECTION]: The skill processes external content from the skills.sh API. This creates an indirect prompt injection surface where malicious metadata in a third-party skill registry entry could potentially influence agent behavior during the search or installation workflow.
      • Ingestion points: External API results from https://skills.sh/api/skills are displayed in the terminal.
      • Boundary markers: None identified for the API data output.
      • Capability inventory: Subprocess execution via npx and file system read via ls.
      • Sanitization: No explicit sanitization or validation of the registry data is shown before display.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 05:15 AM