find-skills

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes system commands using the npx skills CLI to search for, add, and manage agent skills.
  • [EXTERNAL_DOWNLOADS]: Fetches and installs code packages from external repositories. While the skill highlights trusted sources such as Vercel Labs, it also allows installation from arbitrary GitHub repositories.
  • [REMOTE_CODE_EXECUTION]: The npx skills add command installs new functionality into the agent's environment, which involves downloading and executing code from remote sources.
  • [PROMPT_INJECTION]: The skill uses unvalidated user input to construct search queries for the npx skills find command, creating an attack surface for indirect prompt injection via malicious search results or manipulated queries.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 16, 2026, 07:57 PM