find-skills

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to install and execute modular packages from external sources using npx skills add <package>. Crucially, it encourages the use of the -y flag, which skips user confirmation prompts and so facilitates the automated installation and execution of untrusted code from arbitrary GitHub repositories.
  • [COMMAND_EXECUTION]: The core functionality of the skill relies on executing shell commands through the npx skills CLI tool to find, add, check, and update packages.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of content from the skills.sh registry and various GitHub repositories. While the instructions provide examples from established organizations, the underlying mechanism allows the agent to fetch and install content from any user-specified remote source.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 20, 2026, 01:34 PM