find-skills
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands using the `npx skills` CLI tool for searching, checking, and updating installed packages.
- [EXTERNAL_DOWNLOADS]: The skill enables the download and installation of functional modules from external sources such as GitHub and the `skills.sh` registry.
- [REMOTE_CODE_EXECUTION]: The core functionality involves installing and potentially running third-party agent skills, which constitutes remote code execution. The documentation suggests using the `-y` flag to skip interactive confirmation prompts when the user expresses intent to install a skill.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from an external ecosystem (package descriptions and search results) that could be controlled by an attacker.
  - Ingestion points: Output from the `npx skills find` command processed at runtime.
  - Boundary markers: None identified; the agent is instructed to present discovered skill descriptions directly to the user.
  - Capability inventory: Subprocess execution and code installation via `npx skills add`.
  - Sanitization: No validation or sanitization of external metadata (e.g., skill names or descriptions) is specified before the agent acts on the data.
Audit Metadata