Skills
skills/mymx2/skills/find-skills/Gen Agent Trust Hub

find-skills

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to interact with the environment using shell commands via npx skills. This includes interactive searching (find), checking for updates (check), and potentially creating new skills (init).
  • [EXTERNAL_DOWNLOADS]: The skill's primary purpose is to download and install external code packages from GitHub or other repositories using the npx skills add command. The instructions specifically suggest using the -y flag to skip user confirmation prompts, which increases the risk of automated installation of malicious packages if the agent is misled by search results.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external data (search results and package metadata) to influence future command execution.
  • Ingestion points: Data returned from the npx skills find command or the skills.sh website (SKILL.md).
  • Boundary markers: No specific delimiters are used to wrap or isolate the external data being processed by the agent.
  • Capability inventory: The agent has the capability to execute shell commands (npx skills add) which results in external code installation.
  • Sanitization: The instructions provide a logical verification step (checking installation counts, source reputation, and GitHub stars) which acts as a manual filter, but no programmatic sanitization or boundary enforcement is present.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 01:38 AM