find-skills
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes system-level commands using `npx` in PowerShell and CMD to manage external packages.
- [COMMAND_EXECUTION]: The troubleshooting section explicitly instructs users to "Try running in PowerShell as Administrator," which facilitates unnecessary privilege escalation for standard package management tasks.
- [REMOTE_CODE_EXECUTION]: The skill performs global installation of arbitrary code from an open ecosystem using `npx skills add <owner/repo@skill> -g -y`. The use of the `-y` flag suppresses security prompts and user confirmation during installation, while the `-g` flag installs code globally on the host system.
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes packages from the npm registry and references `https://skills.sh/`, an external and unverified repository for third-party scripts.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through search results.
  * Ingestion points: Search results returned by `npx skills find` from the `https://skills.sh/` registry.
  * Boundary markers: Absent; third-party skill descriptions are presented directly to the agent without delimiters.
  * Capability inventory: System command execution (npx), global package installation (-g), and network access via CLI.
  * Sanitization: No sanitization or validation of skill metadata from the external registry is implemented before presentation.
Recommendations
- AI detected serious security threats
Audit Metadata