skills-cli-usage
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill documentation references the npx skills command, which downloads and executes the skills package from the npm registry. The underlying source code is hosted at github.com/vercel-labs/skills, which is a trusted repository according to the [TRUST-SCOPE-RULE].
- COMMAND_EXECUTION (LOW): The skill provides various commands for the agent to execute, such as listing, adding, removing, and updating skills. These are standard management operations for the Vercel Skills CLI tool.
- REMOTE_CODE_EXECUTION (LOW): The npx skills add <source> command allows for the installation of additional skills from arbitrary GitHub repositories or URLs. While this is the intended function of the tool, it constitutes a potential vector for installing untrusted code.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection (Category 8) surface identified:
  - Ingestion points: The <source> argument in npx skills add commands within SKILL.md allows the agent to ingest content from external, potentially untrusted repositories.
  - Boundary markers (absent): There are no delimiters or explicit instructions to ignore embedded prompts when adding new skills.
  - Capability inventory: The CLI tool has the ability to write files and modify the agent's available toolset/skills.
  - Sanitization (absent): The documentation does not describe any sanitization or validation of the content being added from the external source.
Audit Metadata