find-skills

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the npx skills command-line interface to search for, add, and update agent packages.
  • [EXTERNAL_DOWNLOADS]: The skill instructions facilitate downloading packages and configuration data from external sources, specifically github.com and skills.sh.
  • [REMOTE_CODE_EXECUTION]: The npx skills add command installs external packages which may contain executable code or scripts, effectively allowing the execution of remote code on the host system. The use of the -y flag bypasses confirmation prompts during installation.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from search results.
      • Ingestion points: Search results returned by the npx skills find command as described in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to disregard potentially malicious instructions within search results.
      • Capability inventory: The agent has the capability to execute commands and install arbitrary packages via the npx skills CLI.
      • Sanitization: No sanitization or validation is performed on the package names or metadata returned by the search command before they are presented to the user or used in subsequent commands.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 3, 2026, 03:50 PM