software-architecture
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Piped remote execution pattern identified in 'references/project-structure.md' and 'references/deployment.md'. The instruction 'curl -LsSf https://astral.sh/uv/install.sh | sh' is recommended for environment setup and included in setup scripts, allowing arbitrary code execution from a third-party domain without verification.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill references external scripts from 'astral.sh', which is not a verified domain within the trusted source scope. This elevates the risk of the remote execution finding, as the integrity of the downloaded installer cannot be guaranteed.
Recommendations
- AI detected serious security threats
Audit Metadata