skills/uv-xiao/pkbllm/uv-find-skills/Gen Agent Trust Hub

uv-find-skills

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the npx skills command to search for and install modular packages within the agent's environment.
  • [EXTERNAL_DOWNLOADS]: The skill enables the retrieval and installation of external code from repositories and the skills.sh ecosystem using the npx skills add command.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes and presents untrusted data from an external registry.
      • Ingestion points: Results from the npx skills find [query] command, including skill names and descriptions provided by third-party authors, enter the agent's context.
      • Boundary markers: No delimiters or isolation instructions are used to prevent the agent from obeying instructions that might be embedded in search results.
      • Capability inventory: The agent is authorized to execute CLI commands and install new software packages.
      • Sanitization: The skill lacks mechanisms to sanitize or validate the content of skill descriptions before they are displayed or acted upon.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 12:41 PM