fast-yaml

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install and execute code from external packages including 'fast-yaml-cli' via Cargo and 'fastyaml-rs' via Pip and NPM. These packages are authored by the skill developer ('bug-ops') but originate from public registries without being part of a verified trusted organization.
  • [EXTERNAL_DOWNLOADS]: The skill requires downloading software from Crates.io, PyPI, and the NPM registry. While these are well-known services, the specific packages provided are not pre-validated or from a trusted vendor list.
  • [COMMAND_EXECUTION]: Documentation in 'references/cli-commands.md' recommends the use of 'sudo' to resolve permission denied errors when modifying system configuration files. This encourages the agent to attempt privilege escalation beyond its intended scope.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from YAML and JSON files across its CLI tools and library APIs, presenting an indirect prompt injection risk.
      • Ingestion points: Operations such as 'fy parse', 'fy lint', 'fy format', and the 'safe_load' or 'safe_load_all' functions in both Python and Node.js APIs read file content directly into the agent's processing flow.
      • Boundary markers: No explicit boundary markers or instructions are provided to the agent to ignore potentially malicious instructions embedded within the YAML/JSON data.
      • Capability inventory: The agent has the ability to execute shell commands via the 'fy' tool and install further software using 'pip', 'npm', and 'cargo'.
      • Sanitization: The skill does not implement or describe any sanitization or validation logic to filter out non-data content from the files it processes.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 09:55 AM
Security Audit — agent-trust-hub — fast-yaml