skills/find-skills vercel-labs | | This skill facilitates silent installation of arbitrary external skills | 17.1k | 1.4M | 10 | 100 Critical |
self-improvement pskoett | | This skill enables arbitrary command execution via hook scripts and | 3.2k | 395.7k | 6 | 100 Critical |
agent-skills/vercel-react-best-practices vercel-labs | | The skill misrepresents itself as a | 26.2k | 374.6k | 1 | 40 Medium |
skills/frontend-design anthropics | | No security issues detected in anthropics/skills/frontend-design. | 128.9k | 372.9k | – | 0 None |
azure-skills/microsoft-foundry microsoft | | This skill exposes sensitive credentials, allows privilege escalation, arbitrary | 849 | 303.9k | 6 | 100 Critical |
agent-skills/web-design-guidelines vercel-labs | | The skill executes arbitrary remote content from mutable, unauthenticated | 26.2k | 298.5k | 7 | 100 Critical |
azure-skills/azure-deploy microsoft | | The `azure-deploy` skill relies on custom, unaudited 'MCP Tools', posing a supply chain risk due to unknown | 849 | 293.2k | 1 | 40 Medium |
azure-skills/azure-ai microsoft | | The skill exposes Azure CLI commands | 849 | 293.2k | 2 | 40 Medium |
azure-skills/azure-prepare microsoft | | The skill's human approval step for | 849 | 293.1k | 1 | 5 Low |
azure-skills/azure-diagnostics microsoft | | The skill is vulnerable to command and K | 849 | 293.0k | 3 | 40 Medium |
azure-skills/azure-compute microsoft | | No security issues detected in microsoft/azure-skills/azure-compute. | 849 | 292.8k | – | 0 None |
azure-skills/azure-cloud-migrate microsoft | | The skill introduces supply chain risks through external dependencies and local file loading, potentially influencing agent reasoning if compromised. | 849 | 292.8k | 2 | 40 Medium |
azure-skills/azure-messaging microsoft | | No security issues detected in microsoft/azure-skills/azure-messaging. | 849 | 292.7k | – | 0 None |
azure-skills/azure-hosted-copilot-sdk microsoft | | No security issues detected in microsoft/azure-skills/azure-hosted-copilot-sdk. | 849 | 292.7k | – | 0 None |
azure-skills/appinsights-instrumentation microsoft | | No security issues detected in microsoft/azure-skills/appinsights-instrumentation. | 849 | 292.7k | – | 0 None |
azure-skills/entra-app-registration microsoft | | No security issues detected in microsoft/azure-skills/entra-app-registration. | 849 | 292.7k | – | 0 None |
azure-skills/azure-validate microsoft | | The skill introduces supply chain risks and indirect prompt injection | 849 | 292.7k | 5 | 70 High |
azure-skills/azure-storage microsoft | | The skill misrepresents its capabilities, claiming full | 849 | 292.7k | 1 | 40 Medium |
azure-skills/azure-rbac microsoft | | This skill is vulnerable to prompt injection, allowing | 849 | 292.6k | 2 | 70 High |
azure-skills/azure-compliance microsoft | | The skill enables reconnaissance of sensitive Azure Key Vault artifacts by listing and retrieving metadata for keys, secrets, | 849 | 292.6k | 1 | 15 Low |
azure-skills/azure-resource-lookup microsoft | | The skill risks command injection via `az graph query` | 849 | 292.6k | 1 | 70 High |
azure-skills/azure-kusto microsoft | | This skill allows command injection, data exfiltration, | 849 | 292.5k | 4 | 100 Critical |
azure-skills/azure-aigateway microsoft | | The skill allows powerful Azure resource management and sensitive data querying | 849 | 292.5k | 3 | 70 High |
azure-skills/azure-resource-visualizer microsoft | | The skill enables direct command execution via Azure CLI, posing a risk for arbitrary command execution if the agent's environment is not properly sandboxed. | 849 | 292.5k | 1 | 40 Medium |
skills/remotion-best-practices remotion-dev | | The skill risks command injection and arbitrary file system access due to unsanitized FFmpeg inputs. | 3.0k | 289.5k | 1 | 40 Medium |
azure-skills/azure-quotas microsoft | | This skill performs Azure resource reconnaissance and administrative actions, posing | 849 | 267.7k | 5 | 40 Medium |
azure-skills/azure-upgrade microsoft | | The skill can execute arbitrary code, deploy malicious resources, | 849 | 255.4k | 7 | 100 Critical |
agent-browser/agent-browser vercel-labs | | The skill enables arbitrary command execution, data exfiltration, and social engineering, while also introducing supply chain vulnerabilities through dynamic skill loading. | 31.9k | 240.5k | 4 | 100 Critical |
azure-skills/azure-enterprise-infra-planner microsoft | | This skill can provision, modify, destroy, and | 849 | 212.7k | 2 | 70 High |
azure-skills/azure-kubernetes microsoft | | The skill performs cloud reconnaissance and is vulnerable to supply chain | 849 | 200.6k | 4 | 40 Medium |
skills/skill-creator anthropics | | This skill can poison agent knowledge bases through malicious injection into | 128.9k | 185.8k | 2 | 40 Medium |
ontology oswalpalash | | The skill allows command injection, poisons the | 534 | 165.5k | 4 | 100 Critical |
self-improving ivangdavila | | This self-improving skill autonomously modifies critical | 962 | 164.9k | 10 | 70 High |
agent-skills/vercel-composition-patterns vercel-labs | | No security issues detected in vercel-labs/agent-skills/vercel-composition-patterns. | 26.2k | 161.2k | – | 0 None |
azure-skills/azure-cost microsoft | | The skill allows arbitrary Azure API calls and | 849 | 160.8k | 3 | 100 Critical |
github-copilot-for-azure/azure-ai microsoft | | The skill misrepresents its Azure service support, | 202 | 154.6k | 1 | 40 Medium |
github-copilot-for-azure/azure-deploy microsoft | | This skill executes powerful cloud deployment commands that can cause significant infrastructure changes or destruction if misused. | 202 | 154.3k | 1 | 70 High |
github-copilot-for-azure/azure-storage microsoft | | The skill enables arbitrary file operations and Azure | 202 | 154.2k | 2 | 70 High |
github-copilot-for-azure/azure-diagnostics microsoft | | No security issues detected in microsoft/github-copilot-for-azure/azure-diagnostics. | 202 | 154.2k | – | 0 None |
github-copilot-for-azure/entra-app-registration microsoft | | No security issues detected in microsoft/github-copilot-for-azure/entra-app-registration. | 202 | 154.0k | – | 0 None |
github-copilot-for-azure/azure-validate microsoft | | This skill executes arbitrary commands from external files, manipulates | 202 | 154.0k | 12 | 70 High |
github-copilot-for-azure/azure-resource-visualizer microsoft | | The skill uses powerful Azure CLI commands and handles | 202 | 154.0k | 2 | 40 Medium |
github-copilot-for-azure/azure-resource-lookup microsoft | | The skill is vulnerable to command | 202 | 154.0k | 2 | 100 Critical |
github-copilot-for-azure/azure-rbac microsoft | | No security issues detected in microsoft/github-copilot-for-azure/azure-rbac. | 202 | 154.0k | – | 0 None |
github-copilot-for-azure/azure-kusto microsoft | | The skill allows arbitrary KQL query execution and reconnaissance | 202 | 154.0k | 2 | 70 High |
github-copilot-for-azure/azure-prepare microsoft | | No security issues detected in microsoft/github-copilot-for-azure/azure-prepare. | 202 | 154.0k | – | 0 None |
github-copilot-for-azure/azure-compliance microsoft | | No security issues detected in microsoft/github-copilot-for-azure/azure-compliance. | 202 | 154.0k | – | 0 None |
github-copilot-for-azure/appinsights-instrumentation microsoft | | The skill deceptively provides actionable Azure CLI and Bicep commands for resource creation and code modification, contradicting its stated purpose. | 202 | 154.0k | 1 | 40 Medium |