ty-type-checking
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the 'ty' package through standard registries such as PyPI and uv. These downloads are associated with legitimate development tooling.
- [COMMAND_EXECUTION]: The skill allows execution of 'ty', 'python', and 'uv' commands within the shell to perform type checking and environment management.
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface as it processes Python source files. Ingestion points include local files (SKILL.md); boundary markers are absent; capabilities include Bash and file system access; sanitization is not specified. This is a common risk for static analysis tools and is documented here for awareness.
- [SAFE]: No evidence of data exfiltration, credential harvesting, or obfuscated malicious code was found. The instructions align with the stated purpose of providing type checking expertise.
Audit Metadata