
uv-discohy

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The troubleshooting section explicitly instructs users to execute a script from an untrusted source via shell piping.
    • Evidence: curl -LsSf https://astral.sh/uv/install.sh | sh in SKILL.md.
    • Risk: This pattern allows the remote server to execute arbitrary code on the local system with the current user's privileges. The source 'astral.sh' is not in the defined trusted scope.
  • COMMAND_EXECUTION (HIGH): The skill defines multiple 'just' and 'uv' commands that execute arbitrary shell commands and Python scripts.
    • Evidence: Justfile commands such as uv run python src/discohy_thread_operad.py and uv run python -c ....
    • Risk: If these scripts or their inputs are compromised, the result is full local code execution.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill installs several third-party Python packages from PyPI.
    • Evidence: uv pip install discopy>=1.1.0, uv pip install hy>=1.0.0.
    • Risk: Unverifiable dependencies may introduce supply-chain risk if packages are malicious or hijacked.
  • INDIRECT_PROMPT_INJECTION (HIGH): The skill processes 'thread' data, which is likely external content, and can execute commands based on system state.
    • Ingestion points: threads list passed to build_operad_from_threads in SKILL.md.
    • Boundary markers: Absent.
    • Capability inventory: uv run, uvx, ruff, and just commands allow subprocess execution.
    • Sanitization: Absent. Untrusted thread data could influence the agent's logic in the 'discohy' environment.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://astral.sh/uv/install.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 16, 2026, 01:13 PM