skillsmp-search

Warn

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to query the SkillsMP API and cat to read a local API key from ~/.claude/skills/skillsmp-search/.skillsmp-key for authentication headers.
  • [REMOTE_CODE_EXECUTION]: The skill instructions direct the agent to execute npx skills add <author>/<repo>, which downloads and executes remote packages. It also uses curl to fetch SKILL.md files from arbitrary GitHub repositories (raw.githubusercontent.com) and saves them to the agent's skill directory, effectively installing new, unvetted instructions into the agent's execution environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
    ◦ Ingestion points: Data enters the context via search results from skillsmp.com and the content of SKILL.md files fetched during the "Compare to find best" or "Install" workflows.
    ◦ Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when presenting search results or evaluating downloaded skill files.
    ◦ Capability inventory: The agent has the capability to write files to the filesystem, execute shell commands (curl, npx), and interact with network services.
    ◦ Sanitization: There is no evidence of sanitization, filtering, or validation of the fetched content before it is processed or evaluated by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from the SkillsMP marketplace (skillsmp.com) and downloads files from GitHub's raw content domain (raw.githubusercontent.com).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 25, 2026, 08:11 PM