Skills
skills/tenequm/claude-skills/skill-finder/Gen Agent Trust Hub

skill-finder

Fail

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's installation workflow defined in references/installation-workflow.md explicitly automates the execution of arbitrary shell scripts (bash setup.sh) downloaded from unvetted third-party GitHub repositories found during search. This capability allows for the execution of unverified and potentially malicious code within the user's local environment.
  • [EXTERNAL_DOWNLOADS]: The core functionality of the skill relies on fetching content and cloning repositories from unvetted third-party sources on GitHub using gh api and gh repo clone based on user-supplied search queries. This architectural design encourages the downloading of unvetted executable content from the open internet.
  • [COMMAND_EXECUTION]: The skill facilitates and automates high-risk system-level commands, including the use of package managers (npm install, pip install -r requirements.txt) and shell script execution from discovered repositories. This bypasses standard manual vetting procedures for third-party software installation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is instructed to 'Actually READ' and semantically analyze untrusted SKILL.md content from external repositories to perform scoring and evaluation.
  • Ingestion points: Untrusted content from third-party GitHub repositories is fetched via API and processed locally (e.g., stored in temp_skill.md) for semantic matching and quality assessment.
  • Boundary markers: The instructions lack explicit boundary markers or safety directives to isolate the external content, increasing the risk that malicious instructions embedded within a discovered skill could override agent behavior during the evaluation phase.
  • Capability inventory: The skill environment possesses extensive capabilities, including shell access (gh, bash), network operations, and file system modification permissions.
  • Sanitization: There is no evidence of sanitization, escaping, or validation of the external markdown files before they are processed by the agent's logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 30, 2026, 12:06 AM