damage-control
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The installation instructions include the command
curl -LsSf https://astral.sh/uv/install.sh | sh. Piping a remote script directly to a shell is a critical security risk as it allows for arbitrary code execution from a source outside of the defined trust scope. - External Downloads (HIGH): The skill depends on downloading and executing code from
astral.sh, which is not a pre-approved trusted source according to the established security framework. - Command Execution (MEDIUM): The skill's stated purpose is to intercept and block system commands, which requires significant privileges and oversight to ensure the logic itself is not exploitable.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://astral.sh/uv/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata