find-agent-skills

Pass

Audited by Gen Agent Trust Hub on Jul 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill workflow involves performing searches and fetching data from an external, non-whitelisted domain (skillzs.dev) to browse skill packages and documentation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to retrieve and analyze text from a third-party website. An attacker could host malicious content on that platform designed to influence the agent's behavior during the evaluation process.
  • Ingestion points: The agent is directed to fetch and read content from URLs under https://skillzs.dev/browse and individual skill detail pages in SKILL.md.
  • Capability inventory: The agent has the capability to recommend installation commands to the user based on its findings, which could lead to a user executing malicious scripts found in the external directory.
  • Boundary markers: The skill lacks instructions to wrap external content in specific delimiters or ignore potential instructions embedded within the retrieved data.
  • Sanitization: There are no explicit instructions to sanitize or validate the content retrieved from the external source before processing it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 15, 2026, 04:48 PM