Skills
skills/yinhui1984/find_skills_plus/find-skills-plus/Gen Agent Trust Hub

find-skills-plus

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The script scripts/enrich_find.js fetches skill descriptions from external URLs. Malicious instructions embedded in these descriptions could potentially hijack the AI agent's logic.\n
  • Ingestion points: Web content from skills.sh and agent-skills.md is ingested in scripts/enrich_find.js.\n
  • Boundary markers: Absent; the fetched content is printed directly to the console.\n
  • Capability inventory: The script has the ability to execute shell commands via execFileSync.\n
  • Sanitization: Performs basic HTML stripping and decoding but does not sanitize against prompt injection.\n- [EXTERNAL_DOWNLOADS] (LOW): The skill uses npx to execute the skills package and performs network requests to fetch skill metadata. While these sources are associated with the project's ecosystem, they are external dependencies.\n- [COMMAND_EXECUTION] (SAFE): Subprocess execution is performed using execFileSync with an argument array, which is a safe practice that avoids shell injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:08 PM