find-agent-skills
Pass
Audited by Gen Agent Trust Hub on Jul 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill workflow involves performing searches and fetching data from an external, non-whitelisted domain (
skillzs.dev) to browse skill packages and documentation. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to retrieve and analyze text from a third-party website. An attacker could host malicious content on that platform designed to influence the agent's behavior during the evaluation process.
- Ingestion points: The agent is directed to fetch and read content from URLs under
https://skillzs.dev/browseand individual skill detail pages inSKILL.md. - Capability inventory: The agent has the capability to recommend installation commands to the user based on its findings, which could lead to a user executing malicious scripts found in the external directory.
- Boundary markers: The skill lacks instructions to wrap external content in specific delimiters or ignore potential instructions embedded within the retrieved data.
- Sanitization: There are no explicit instructions to sanitize or validate the content retrieved from the external source before processing it.
Audit Metadata