find-skills
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS / REMOTE_CODE_EXECUTION (MEDIUM): The skill is designed to find and install executable code from the internet.
  - Evidence: The skill uses `npx skills add <owner/repo@skill>` to install packages directly from GitHub or other remote sources.
  - Risk: It explicitly instructs the agent to use the `-y` flag ('skips confirmation prompts'), which removes the human-in-the-loop requirement for executing third-party code. While it mentions trusted sources like `vercel-labs`, it also permits arbitrary GitHub repositories.
- COMMAND_EXECUTION (MEDIUM): The skill relies on executing shell commands via the `skills` CLI tool.
  - Evidence: Commands such as `npx skills find`, `npx skills add`, and `npx skills update` are core to the skill's functionality.
- INDIRECT PROMPT INJECTION (LOW): The skill possesses a surface for indirect injection by ingesting untrusted data from external search results.
  - Ingestion points: The output of `npx skills find [query]` is parsed by the agent to present options to the user.
  - Boundary markers: None specified; the agent is expected to interpret the command-line output directly.
  - Capability inventory: The skill has the capability to execute shell commands and install further code (`npx skills add`).
  - Sanitization: No evidence of sanitization or validation of the search results before they are processed by the agent.
Audit Metadata