ty-skills
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs users to install a package named 'ty' via pip or uv, while falsely claiming it is an official tool by Astral and providing dead links to astral.sh. This is a classic supply-chain attack vector.
- [REMOTE_CODE_EXECUTION] (HIGH): Encourages execution of 'ty check' and 'ty server'. Since the source is misrepresented, this involves running code from an unverifiable and potentially malicious source.
- [COMMAND_EXECUTION] (HIGH): The skill relies on system-level command execution to perform its primary function, which becomes dangerous when the underlying tool's integrity cannot be verified.
- [PROMPT_INJECTION] (LOW): The skill creates a surface for Indirect Prompt Injection as it processes workspace code without sanitization or boundary markers.
  1. Ingestion point: Workspace code files processed by 'ty check'.
  2. Capability: System command execution and file reading.
  3. Boundaries: Absent.
  4. Sanitization: None.
Recommendations
- AI detected serious security threats
Audit Metadata