
find-skills

Fail

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the npx skills CLI tool to perform search, installation, and management tasks. Commands include npx skills find, npx skills add, npx skills check, and npx skills update.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to download and install packages from external sources. It specifically references vercel-labs/agent-skills as a source and allows installing from any user-specified GitHub repository or package source.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to the agent to execute npx skills add <owner/repo@skill> -g -y. The use of the -y flag is problematic as it explicitly skips confirmation prompts, allowing for the silent installation and execution of code from unverified third-party repositories. This significantly increases the risk of a supply chain attack or accidental installation of malicious functionality.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from the npx skills find command results. Maliciously crafted skill names or descriptions in the ecosystem could influence the agent's behavior.
  • Ingestion points: The output of the npx skills find [query] command is ingested into the agent's context (SKILL.md).
  • Capability inventory: The agent has the capability to write to the system by installing packages via npx skills add.
  • Boundary markers: No delimiters or specific instructions are provided to the agent to treat search results as untrusted content or to ignore instructions embedded in them.
  • Sanitization: There is no evidence of sanitization or validation of the search results before the agent presents them or offers to install them.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 27, 2026, 03:38 AM