ty-type-checking
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install a package named
tyviapiporuv, claiming it is an official tool from Astral. However, thetypackage on PyPI is not associated with Astral, and the provided GitHub repository link (github.com/astral-sh/ty) does not appear to exist as an official Astral project. This misattribution constitutes deceptive metadata and makes the dependency unverifiable. - [COMMAND_EXECUTION]: The skill defines permissions for the agent to execute
ty,python, anduvcommands. This capability is used to perform the type checking tasks described in the documentation, but relies on potentially untrusted or misidentified software. - [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill is designed to read and process external Python files.
- Ingestion points: Python source files and directories specified during type checking commands (e.g.,
ty check src/). - Boundary markers: None identified; there are no instructions to the agent to ignore or delimit potentially malicious content within analyzed files.
- Capability inventory: Includes the ability to execute shell commands (
Bash) and read/write local files. - Sanitization: No validation or sanitization of the analyzed file content is mentioned or implemented.
Audit Metadata