find-skills

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides a command to install the necessary 'mh' CLI tool by piping a script from the author's repository ('vaayne/mcphub') to the shell. This is a vendor-owned resource used for legitimate setup purposes.
  • [COMMAND_EXECUTION]: The agent is instructed to execute shell commands using the 'mh' CLI to search for and add new skills to the environment.
  • [EXTERNAL_DOWNLOADS]: The skill downloads a setup script and interacts with the 'skills.sh' registry to fetch metadata about available tools.
  • [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it processes data from external search results.
      • Ingestion points: Output from 'mh skills find' command.
      • Boundary markers: None specified in the instructions.
      • Capability inventory: Command execution via 'mh skills add'.
      • Sanitization: Instructions advise the agent to normalize and validate commands before suggesting or executing them.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 04:29 AM