find-skills

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the installation of external code via the 'npx skills add' command, which allows the agent to download and install modular packages from remote repositories like GitHub onto the local environment.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands through the 'skills' CLI (via npx) for searching, installing, and updating skills. This includes the use of flags like '-g' for global installation and '-y' to bypass confirmation prompts.
  • [EXTERNAL_DOWNLOADS]: The skill connects to external services such as 'skills.sh' and various package repositories to retrieve metadata and download skill content.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sources, specifically search results from the CLI and the 'skills.sh' leaderboard, making it a surface for indirect prompt injection.
      • Ingestion points: Data enters the context via 'npx skills find [query]' results and the 'skills.sh' leaderboard (SKILL.md).
      • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the retrieved metadata.
      • Capability inventory: The skill has the capability to execute shell commands and install software (SKILL.md).
      • Sanitization: The skill relies on manual agent verification of source reputation (e.g., install counts and GitHub stars) as outlined in 'Step 4', but lacks automated technical sanitization of the ingested content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 06:19 PM