Poetry Packaging

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill contains a piped remote execution pattern for tool installation.
      * Evidence: Found 'curl -sSL https://install.python-poetry.org | python3 -' in SKILL.md.
      * Severity: Initially rated CRITICAL because of the 'curl | shell' pattern; reduced to HIGH because the activity is essential to the primary purpose of the skill (Poetry packaging).
  • [EXTERNAL_DOWNLOADS] (HIGH): Remote script execution is performed from a non-whitelisted domain.
      * Evidence: Source URL https://install.python-poetry.org is not in the trusted source list.
Recommendations
  • HIGH: Downloads and executes remote code from: https://install.python-poetry.org - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 05:47 PM