yahoo-finance
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The installation instructions for the prerequisite 'uv' tool utilize piped execution methods ('curl -LsSf https://astral.sh/uv/install.sh | sh' and 'irm ... | iex'). This allows arbitrary remote code to execute on the host system without verification.
- COMMAND_EXECUTION (MEDIUM): The skill requires modifying file permissions ('chmod +x') and creating symbolic links in system-protected directories ('/usr/local/bin/'), which can lead to unauthorized system-wide changes and typically requires administrative access.
- EXTERNAL_DOWNLOADS (LOW): The tool is designed to dynamically download and install Python dependencies ('yfinance', 'rich') from external package repositories at runtime.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata