find-skills
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using `npx`, specifically `npx skills find`, `npx skills add`, `npx skills check`, and `npx skills update` to manage local skill installations.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the installation and execution of remote code via `npx skills add <package>`. This command downloads packages from external sources (such as GitHub) and incorporates them into the agent's environment. This is the intended primary purpose of the skill.
- [EXTERNAL_DOWNLOADS]: The skill uses network-enabled commands to fetch skill definitions and packages from the `https://skills.sh/` domain and various GitHub repositories, including those belonging to trusted organizations like Vercel Labs.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted user input for search queries and processes output from the `npx skills find` command, which could contain descriptions authored by third parties.
  - Ingestion points: User-provided queries in `npx skills find [query]` and results returned by the CLI.
  - Boundary markers: No explicit delimiters are defined to separate user/tool content from instructions.
  - Capability inventory: Extensive command execution via the `npx` ecosystem.
  - Sanitization: The instructions do not specify any sanitization or validation of the external content before it is presented to the user or used for installation.
Audit Metadata