find-skills
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill facilitates the installation and execution of third-party code from external sources via `npx skills add <package>`. It specifically recommends using the `-y` flag, which bypasses confirmation prompts and allows the agent to execute remote code automatically.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands using `npx`, including `npx skills find`, `npx skills add`, and `npx skills init`. This provides a direct interface for running system commands based on external or user-provided input.
- [EXTERNAL_DOWNLOADS]: The skill relies on downloading packages and content from external sources such as GitHub and `skills.sh`. While some sources like `vercel-labs` are well-known, the skill allows for the installation of packages from any unverified GitHub repository.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: Untrusted data enters the agent context through search results returned by `npx skills find [query]`, which fetches metadata (names, descriptions) from the external open skills ecosystem.
  - Boundary markers: The instructions lack explicit boundary markers or instructions to ignore embedded commands within the search results.
  - Capability inventory: The agent has the capability to write to the filesystem and execute code via the `npx skills add` command.
  - Sanitization: There is no mention of sanitizing or validating the output of the search results before presenting them to the user or acting upon them.
Recommendations
- AI detected serious security threats
Audit Metadata