find-skills

Warn

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill directs the agent to execute code from the npm registry and GitHub using the npx skills add command. This pattern involves fetching and executing remote scripts, which may contain arbitrary logic.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to pull third-party packages into the local environment. While it mentions well-known sources such as Vercel and Anthropic, it also supports installing skills from unknown or community-contributed repositories identified through keyword searches.
  • [COMMAND_EXECUTION]: The instructions recommend using the -y flag with the npx skills add command. This flag is designed to automatically skip confirmation prompts, which reduces user oversight and allows the agent to install and run new code autonomously.
  • [DYNAMIC_EXECUTION]: The skill relies on npx, a tool used for the dynamic execution of packages. This mechanism executes code retrieved at runtime from an external registry, creating a surface for potential supply-chain risks if the underlying packages are compromised.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 7, 2026, 10:35 AM