find-skills
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using `npx`, specifically `npx skills find` and `npx skills add`. These commands interact with the local operating system to manage external toolsets.
- [REMOTE_CODE_EXECUTION]: The `npx skills add <package>` command fetches and installs modular packages from remote sources such as GitHub. These packages can contain executable scripts or workflows that extend the agent's capabilities, representing a significant remote code execution surface.
- [COMMAND_EXECUTION]: The documentation explicitly advises using the `-y` and `-g` flags (`npx skills add <package> -g -y`). The `-y` flag bypasses all interactive confirmation prompts, which removes the 'human-in-the-loop' safety check and allows potentially malicious third-party code to be installed and executed automatically.
- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests search results from an external, community-driven registry (skills.sh) and incorporates them into the agent's active context. Maliciously crafted package metadata in the registry could influence the agent to perform unintended actions or trick the user into installing compromised tools.
  - Ingestion points: Output from the `npx skills find` command and descriptions from the `skills.sh` website.
  - Boundary markers: None provided in the instructions to separate untrusted registry data from system prompts.
  - Capability inventory: Subprocess execution for package installation and global system modifications.
  - Sanitization: No validation or filtering is performed on the search results before they are presented to the user or processed by the agent.
Audit Metadata