find-skills
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use `npx skills add` to fetch packages from remote sources, including GitHub repositories and the skills.sh registry. While it highlights some well-known repositories like vercel-labs/agent-skills, the tool is designed to pull content from any user-specified repository.
- [COMMAND_EXECUTION]: The skill's core functionality relies on executing shell commands through the `npx skills` CLI to manage, search, and install software on the host system.
- [REMOTE_CODE_EXECUTION]: By design, this skill facilitates the execution of remote code by installing third-party agent skills. The documentation specifically encourages the use of the `-y` flag, which bypasses confirmation prompts, potentially leading to the silent installation of malicious extensions if the source repository is compromised or spoofed.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  - Ingestion points: The agent ingests and processes untrusted data from the output of the `npx skills find` command, which includes package names and descriptions created by third parties.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat search results as untrusted data.
  - Capability inventory: The skill has the capability to execute shell commands (`npx`) and modify the agent's runtime environment by adding new skills.
  - Sanitization: There is no evidence of sanitization or validation of the search results before they are presented to the user or used for installation.