tech-slide
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The script `scripts/check_dependencies.py` contains the pattern `curl -LsSf https://astral.sh/uv/install.sh | sh`. This is a high-risk pattern that pipes a remote script directly into the shell for execution. The source 'astral.sh' is not included in the 'Trusted External Sources' whitelist, making this an unverifiable remote execution risk.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on `npx slidev` (in `SKILL.md`) and `uv sync` (in `scripts/check_dependencies.py`) to download and execute packages from NPM and PyPI. While these are standard development tools, they introduce external code dependencies that are resolved and executed at runtime.
- COMMAND_EXECUTION (LOW): The `scripts/check_dependencies.py` file uses the `subprocess` module to call external binaries (`uv`, `sh`). While these are used for environment management, any automated command execution warrants a baseline security review.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata