tapestry
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation (Error Handling table) explicitly recommends installing the 'uv' tool via 'curl -LsSf https://astral.sh/uv/install.sh | sh'. This piped-to-shell execution pattern from an untrusted domain (astral.sh is not in the Trusted External Sources list) is a severe security risk.
- EXTERNAL_DOWNLOADS (HIGH): The skill automatically performs network downloads from user-provided URLs using 'yt-dlp', 'trafilatura', and 'curl'. While it claims to use a validation utility ('tapestry-validate-url'), the ingestion of arbitrary remote content for processing remains high-risk.
- COMMAND_EXECUTION (MEDIUM): The skill relies on the 'Bash' tool to execute complex shell logic, including environment-dependent tool selection, temporary file creation via 'mktemp', and variable-heavy command construction.
- PROMPT_INJECTION (LOW): The skill exposes an indirect prompt injection surface. Evidence:
  1. Ingestion points: 'CONTENT_FILE' generated from external YouTube transcripts, PDFs, and articles.
  2. Boundary markers: Absent from the workflow instructions.
  3. Capability inventory: 'Bash' (command execution), 'Read', 'Write'.
  4. Sanitization: Includes custom validation for URLs and filenames, but no content-level sanitization for the LLM processing step.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
- AI detected serious security threats