skills/mvanhorn/skills/find-skills/Gen Agent Trust Hub

find-skills

Warn

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to use npx skills add to install external packages. It specifically recommends the -y flag, which bypasses user confirmation prompts, potentially allowing the agent to execute untrusted code autonomously.
  • [EXTERNAL_DOWNLOADS]: The skill's primary function is to search for and download external code from the 'skills' ecosystem using npx skills find and npx skills add. It suggests verifying sources like 'vercel-labs' and 'anthropics'.
  • [COMMAND_EXECUTION]: The skill provides instructions for executing various shell commands to manage skills, including npx skills check, npx skills update, and npx skills init.
  • [PRIVILEGE_ESCALATION]: The recommended installation command includes the -g flag for global installation. This installs code at the user/system level, which can increase the persistence and potential impact of a malicious package compared to a local project installation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 13, 2026, 11:41 PM