banana-skill-finder

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The core functionality relies on 'npx skills add /' and 'npx add-skill ', which download and install code from arbitrary GitHub repositories. This allows unvetted scripts to execute in the user's environment.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill fetches data from non-whitelisted domains including 'skillsmp.com' and 'skills.sh'. These sources are used to populate search results that lead to code installation.
  • [COMMAND_EXECUTION] (MEDIUM): The skill performs active system operations including directory listing ('ls ~/.claude/skills/') and network requests via 'curl' to fetch and execute remote content.
  • [CREDENTIALS_UNSAFE] (LOW): Documentation encourages users to provide and store a 'SKILLSMP_API_KEY' in shell profiles or '.env' files. While the skill doesn't hardcode keys, it facilitates the use of secrets with a non-whitelisted third-party service.
  • [PROMPT_INJECTION] (LOW): The instructions contain a 'proactive' trigger mandate, instructing the agent to suggest installations even when not explicitly asked. This behavioral override increases the risk of a user accidentally authorizing a malicious installation suggested by poisoned search results.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 05:36 PM