ty
Warn
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to run 'uvx ty check'. The uvx tool is designed to download and execute packages from PyPI in a transient environment. This presents a risk of remote code execution if the package name ('ty') does not correspond to the intended tool or if the package has been compromised by an unrelated party.
- [EXTERNAL_DOWNLOADS]: The documentation references external resources such as the 'astral-sh/ty' GitHub repository and uses package managers like 'uv' to fetch code from public registries.
- [COMMAND_EXECUTION]: The agent is encouraged to run various CLI commands locally, including 'ty check', 'ty server', and 'ty explain'. These commands interact with the local file system and environment.
Audit Metadata