find-tool
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely informational and focuses on information retrieval and comparison across various software ecosystems. It does not perform sensitive file operations, execute arbitrary system commands, or involve unauthorized network exfiltration.\n- [SAFE]: The instructions include robust security and quality evaluation criteria. The agent is directed to cross-reference multiple authoritative sources (e.g., official registries vs. GitHub activity) and check for known security advisories or abandoned maintenance status before making a recommendation.\n- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it processes untrusted metadata from external sources like GitHub repositories and package registries.\n
- Ingestion points: Web search results, repository README files, and metadata from npm, PyPI, and other registries defined in SKILL.md and references/find-tool.md.\n
- Boundary markers: None explicitly defined in the instructions for isolating external content.\n
- Capability inventory: The skill possesses no capabilities for code execution, file writing, or making non-research network requests.\n
- Sanitization: The agent is instructed to extract specific factual metrics and evidence, which serves as a logical filter against generic or malicious instructions embedded in metadata.
Audit Metadata