ty-type-checking
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill encourages the installation of the 'ty' package from PyPI via 'pip install ty' and 'uv tool install ty'. This package is an unrelated project and not the tool from the claimed vendor (Astral), posing a risk of installing unintended third-party software.
- [REMOTE_CODE_EXECUTION]: By instructing the agent to install and execute the 'ty' command, the skill facilitates the execution of unverified code from a source that does not match the stated project origin.
- [METADATA_POISONING]: The skill uses misleading metadata to associate the 'ty' package with a trusted vendor (Astral), which could deceive users or agents into bypassing standard security scrutiny for new dependencies.
Audit Metadata