find-skills

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and install code from external GitHub repositories via the npx skills add command. It explicitly suggests using the -y flag to skip confirmation prompts, which allows for the silent installation and execution of arbitrary code from third-party sources.
  • [COMMAND_EXECUTION]: The skill relies on shell commands (npx skills ...) for its core functionality. It is vulnerable to command injection if a user-supplied query or package name (e.g., from a malicious task description) is interpolated into the shell command without proper escaping.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloads from https://skills.sh and arbitrary GitHub repositories. While intended for skill discovery, this mechanism allows for the retrieval of unverified content from untrusted external sources.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection: malicious instructions could be embedded in the search results returned by the npx skills find command and read into the agent's context as if they were trusted input.
  • Ingestion points: Search results from the npx skills find [query] command in SKILL.md.
  • Boundary markers: None; external search results are mixed directly into the agent's context.
  • Capability inventory: Shell command execution (npx skills) and code installation capabilities are present in SKILL.md.
  • Sanitization: No sanitization or validation of the external search results or package names is performed before they are used to execute commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 05:18 PM
Security Audit — agent-trust-hub — find-skills