find-skills
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `npx skills` CLI to perform searches and manage package installations on the system.
- [EXTERNAL_DOWNLOADS]: It fetches and installs packages from external GitHub repositories using the `npx skills add` command.
- [REMOTE_CODE_EXECUTION]: The skill provides instructions for the agent to install third-party code. The inclusion of the `-y` flag in the suggested command `npx skills add <package> -g -y` is a security concern because it bypasses confirmation prompts, allowing for the automatic installation and subsequent execution of code from potentially untrusted sources.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted search results from the skills.sh ecosystem, which could contain malicious metadata designed to influence agent behavior or trick the agent into installing a specific package during the discovery process.
  - Ingestion points: Output from the `npx skills find [query]` command.
  - Boundary markers: None present in the skill instructions.
  - Capability inventory: The skill can execute `npx skills add`, which installs and runs code from any repository provided in the search result.
  - Sanitization: No explicit sanitization or validation of the search results is performed before the information is presented to the user or acted upon by the agent.
Audit Metadata