Skills
skills/vercel-labs/add-skill/find-skills/Gen Agent Trust Hub

find-skills

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • Command Execution: The skill utilizes the npx skills CLI to perform search and management tasks. This involves executing subprocesses to extend the agent's functional environment.
  • External Downloads and Installation: It provides instructions to download and install modular packages from the skills.sh platform and GitHub. These actions are fundamental to the skill's utility as an installer.
  • Indirect Prompt Injection Surface: The skill interpolates user-provided search terms into shell commands.
  • Ingestion points: User queries are passed directly to the npx skills find [query] command.
  • Boundary markers: The instructions do not define specific delimiters to isolate user input within the command string.
  • Capability inventory: The skill can execute CLI commands and install external code via npx.
  • Sanitization: There is no explicit mention of sanitizing or escaping user input before it is used as a command argument.
  • Automated Execution Flags: The use of the -y flag in the npx skills add command automates the installation process by skipping manual confirmations, which is standard for streamlined package management.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 07:01 AM