Skills
skills/armanzeroeight/fastagent-plugins/dependency-manager/Gen Agent Trust Hub

dependency-manager

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The automated scan detected 'curl -LsSf https://astral.sh/uv/install.sh | sh'. Piping a remote script directly to a shell (curl|sh) is a high-severity risk as it executes code without allowing for inspection or verification of the content.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill downloads an installer from 'astral.sh'. While 'uv' is a recognized tool from Astral, this domain and organization are not included in the predefined list of trusted external sources, requiring a manual review of the script's contents.
  • [COMMAND_EXECUTION] (MEDIUM): The use of shell piping for software installation represents a pattern of high-risk command execution that bypasses standard package management safety checks.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:30 PM