Skills
skills/mizchi/skills/skill-finder/Gen Agent Trust Hub

skill-finder

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the discovery and installation of external agent skills from third-party GitHub repositories using the apm install command. It also utilizes npx @mizchi/waxa to run audit and evaluation tools on these unvetted sources.\n- [EXTERNAL_DOWNLOADS]: The skill uses curl to retrieve metadata and repository information from external community lists hosted on GitHub.\n- [PROMPT_INJECTION]: There is an inherent risk of indirect prompt injection because the skill parses and evaluates natural language instructions found in the SKILL.md files of unvetted third-party repositories.\n
  • Ingestion points: External repository documentation and skill metadata are read during the discovery and evaluation phases (SKILL.md Workflow Step 3).\n
  • Boundary markers: The process lacks explicit sanitization or strict boundary delimiters when interpreting instructions from external sources.\n
  • Capability inventory: The skill environment includes capabilities for network access (curl), code installation (apm), and script execution (npx, waxa).\n
  • Sanitization: There is no documented logic for filtering or sanitizing instructions from external sources before they are processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 12, 2026, 03:53 AM