skills/dzhng/skills/find-skills/Gen Agent Trust Hub

find-skills

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the npx skills CLI tool to perform various shell commands, including find, add, check, and update.
  • Evidence: npx skills find [query], npx skills add <package> -g -y.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to fetch and install packages from external sources like GitHub.
  • Evidence: npx skills add <package> downloads modular packages from the open agent skills ecosystem.
  • [REMOTE_CODE_EXECUTION]: Installing external skills via npx skills add involves downloading code that is subsequently executed within the agent's environment.
  • Evidence: The installation process adds specialized knowledge, workflows, and tools from third-party repositories.
  • [SAFE]: The skill includes explicit instructions for the agent to verify the quality and reputation of a skill (e.g., checking install counts, official sources like vercel-labs or anthropics, and GitHub stars) before recommending or installing it.
  • Evidence: Step 4: Verify Quality Before Recommending guidelines.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 18, 2026, 08:16 AM
Security Audit — agent-trust-hub — find-skills