astral-ty
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [Metadata Poisoning] (HIGH): The skill name 'astral-ty' and the documentation link 'https://docs.astral.sh/ty/' are flagged as deceptive on the premise that Astral (creators of ruff and uv) has no product named 'ty'. That premise is incorrect: ty is Astral's Python type checker, developed at https://github.com/astral-sh/ty and documented at the linked URL. The impersonation concern therefore reduces to a narrower question that the name and docs link cannot answer on their own: whether the package the skill actually installs at run time is that project. The check is to confirm that the PyPI 'ty' release the skill pulls in is published by astral-sh and to pin it by version and file hash rather than trusting the name.
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill instructs the agent to run 'uvx ty' and 'uv run ty'. Both resolve the 'ty' package from PyPI at invocation time and execute it; unpinned, the agent runs whatever version (and whatever uploader) serves that name when the command is issued. Even if the package is the genuine one today, an unpinned invocation is unverified execution of third-party code. A version pin (for example 'uvx ty@<version>' or a locked 'ty==<version>' dependency) plus a recorded file hash turns this into a reproducible, checkable download.
- [Command Execution] (MEDIUM): The skill relies extensively on subprocess execution to perform type checking. That is its stated purpose, but the subprocess inherits the agent's working directory and credentials, so combined with unpinned package resolution it warrants scrutiny rather than blanket trust.
- [Indirect Prompt Injection] (MEDIUM): The skill reads external Python files and honours in-source markers such as '# ty: ignore' that suppress diagnostics. A file supplied for checking can therefore both hide findings from the type checker and carry comment text that reads as instructions to the agent, influencing its reasoning or tool use during analysis.
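The two practical checks the findings above call for, pinning and provenance of the 'ty' package and surfacing suppression markers in files handed to the checker, as an added example. This is not code from the audit page or from Astral; it works on a constructed PyPI-style JSON document standing in for https://pypi.org/pypi/ty/json (which would be fetched out of band) and on constructed Python source, and the trusted-origin prefix, hash value and helper names are assumptions for illustration.

```python
"""Pre-execution checks for a skill that runs `uvx ty` / `uv run ty`.

Added example, not part of the audit page or of Astral's tooling.
The PyPI document and the source file below are constructed for this
example; the real checks run against https://pypi.org/pypi/ty/json
and the files the agent is about to type-check.
"""
import json
import re

# Assumption: releases are expected to point back at this organisation.
TRUSTED_REPO_PREFIX = "https://github.com/astral-sh/"

# Constructed stand-in for the pypi.org JSON API response (field layout
# follows the real API; values are made up).
SAMPLE_PYPI_JSON = json.dumps({
    "info": {
        "name": "ty",
        "project_urls": {
            "Repository": "https://github.com/astral-sh/ty",
            "Documentation": "https://docs.astral.sh/ty/",
        },
    },
    "releases": {
        "0.0.1": [
            {"filename": "ty-0.0.1.tar.gz", "packagetype": "sdist",
             "digests": {"sha256": "0" * 64}},
        ]
    },
})

# Constructed Python source containing suppression comments.
SAMPLE_SOURCE = """\
import subprocess
def run(cmd: str) -> int:
    return subprocess.call(cmd, shell=True)  # ty: ignore[invalid-argument-type]
x: int = "not an int"  # type: ignore
"""


def is_pinned(cmd: str) -> bool:
    """True if the uv/uvx command names an exact ty version.

    Accepts `uvx ty@0.0.1 ...`, `uvx --from 'ty==0.0.1' ty ...` and
    `uv run --with 'ty==0.0.1' ty ...`. A bare `uvx ty` resolves to
    whatever PyPI serves at run time and is rejected.
    """
    return re.search(r"\bty(?:@|==)\d+(?:\.\d+)*\b", cmd) is not None


def check_provenance(pypi_json: str, version: str, expected_sha256: str) -> dict:
    """Compare PyPI metadata for one release against the claimed origin.

    Returns named checks -> bool so a caller can refuse to run on any False.
    The project URLs are self-declared by the uploader, so the sdist hash
    (taken from a known-good lockfile) is the check that actually binds
    the download to a reviewed artifact.
    """
    meta = json.loads(pypi_json)
    urls = meta["info"].get("project_urls") or {}
    files = meta["releases"].get(version, [])
    sdists = [f for f in files if f.get("packagetype") == "sdist"]
    return {
        "name_ok": meta["info"].get("name") == "ty",
        "repo_ok": any(u.startswith(TRUSTED_REPO_PREFIX) for u in urls.values()),
        "version_published": bool(files),
        "sdist_hash_ok": any(f["digests"]["sha256"] == expected_sha256 for f in sdists),
    }


# Matches `# ty: ignore`, `# ty: ignore[rule, rule]` and `# type: ignore`.
SUPPRESSION_RE = re.compile(r"#\s*(?:ty|type)\s*:\s*ignore\b(?:\[([^\]]*)\])?")


def find_suppressions(src: str) -> list:
    """Return (line_no, rule_codes, stripped_line) for each suppression.

    Surfacing these before the checker runs lets the agent (or a human)
    see what a supplied file is asking to be silenced instead of taking
    a clean report at face value.
    """
    hits = []
    for n, line in enumerate(src.splitlines(), 1):
        m = SUPPRESSION_RE.search(line)
        if m:
            codes = [c.strip() for c in (m.group(1) or "").split(",") if c.strip()]
            hits.append((n, codes, line.strip()))
    return hits


if __name__ == "__main__":
    print("pinned:", is_pinned("uvx ty@0.0.1 check ."))
    print("provenance:", check_provenance(SAMPLE_PYPI_JSON, "0.0.1", "0" * 64))
    for hit in find_suppressions(SAMPLE_SOURCE):
        print("suppression:", hit)
```

`is_pinned` gates the command string before it is executed; `check_provenance` is meant to run against the live PyPI JSON with the version and hash copied from a reviewed lockfile, not from the skill text; `find_suppressions` is run over every file the skill is about to check so that silenced rules are reported alongside the checker's own output.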
Recommendations
- AI detected serious security threats
Audit Metadata