find-skills
Warn
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to use `npx skills add` to install external packages. It specifically recommends the `-y` flag, which bypasses user confirmation prompts, potentially allowing the agent to execute untrusted code autonomously.
- [EXTERNAL_DOWNLOADS]: The skill's primary function is to search for and download external code from the 'skills' ecosystem using `npx skills find` and `npx skills add`. It suggests verifying sources like 'vercel-labs' and 'anthropics'.
- [COMMAND_EXECUTION]: The skill provides instructions for executing various shell commands to manage skills, including `npx skills check`, `npx skills update`, and `npx skills init`.
- [PRIVILEGE_ESCALATION]: The recommended installation command includes the `-g` flag for global installation. This installs code at the user/system level, which can increase the persistence and potential impact of a malicious package compared to a local project installation.
Audit Metadata