find-skills
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill triggers downloads of external packages from GitHub or other sources using the `npx skills add` command. This is the primary intended purpose of the skill. It explicitly references trusted repositories such as `vercel-labs/agent-skills`, which qualifies for a severity downgrade under the trusted source rule.
- COMMAND_EXECUTION (LOW): The skill instructs the agent to execute shell commands like `npx skills find` and `npx skills add`. While these allow for system interaction, they are scoped to the management of agent capabilities.
- REMOTE_CODE_EXECUTION (LOW): By installing new skills, the agent is effectively importing and executing remote logic. The use of the `-y` flag in the suggested command `npx skills add <package> -g -y` bypasses user confirmation prompts, which increases the risk of installing a malicious package if the agent is misled by a search result.
- INDIRECT_PROMPT_INJECTION (LOW): The skill has a high attack surface for indirect injection because it processes untrusted data from the `skills.sh` registry and GitHub repository descriptions. Maliciously crafted skill metadata could attempt to influence the agent's behavior during the 'find' or 'presentation' steps. Boundary markers are absent in the prompt templates, but the severity remains low per category guidelines.
Audit Metadata