skills/hyperb1iss/hyperskills/ty/Gen Agent Trust Hub

ty

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to run 'uvx ty check'. The uvx tool is designed to download and execute packages from PyPI in a transient environment. This presents a risk of remote code execution if the package name ('ty') does not correspond to the intended tool or if the package has been compromised by an unrelated party.
  • [EXTERNAL_DOWNLOADS]: The documentation references external resources such as the 'astral-sh/ty' GitHub repository and uses package managers like 'uv' to fetch code from public registries.
  • [COMMAND_EXECUTION]: The agent is encouraged to run various CLI commands locally, including 'ty check', 'ty server', and 'ty explain'. These commands interact with the local file system and environment.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 11:39 PM
Security Audit — agent-trust-hub — ty