login
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill directs the user to run
uvx yutori-mcp login, which fetches and executes a package from an external repository (PyPI) that is not part of the trusted source list. This bypasses standard security vetting for third-party code. - [Data Exposure & Exfiltration] (LOW): The skill identifies
~/.yutori/config.jsonas the specific path where API keys are stored. Identifying sensitive file paths in documentation provides a target for other malicious skills or scripts to perform data exfiltration.
Audit Metadata