find-skills
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions for the agent to install and execute external code packages using the `npx skills add` command.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of content from external, unverified sources, including arbitrary GitHub repositories and the `skills.sh` registry.
- [COMMAND_EXECUTION]: The skill executes shell commands for searching and installing packages. The recommended installation command `npx skills add <package> -g -y` is particularly concerning because the `-y` flag bypasses user confirmation prompts during the installation of remote code.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its reliance on untrusted external data.
  - Ingestion points: Skill descriptions and metadata are fetched from the external `skills.sh` service via the `npx skills find` command.
  - Boundary markers: There are no boundary markers or instructions to the agent to ignore embedded commands within the search results.
  - Capability inventory: The agent possesses the capability to execute shell commands and perform global package installations.
  - Sanitization: No sanitization or verification of the content returned from the remote registry is performed before the agent processes it or offers to execute the installation.
Audit Metadata