python-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (MEDIUM): The skill suggests running 'uvx ty check', which downloads and executes code from PyPI at runtime. Since the 'ty' package and its author (Astral) are not on the trusted sources list, this is considered an unverifiable remote execution. Severity is dropped from HIGH to MEDIUM as it is directly related to the skill's purpose of improving Python type safety.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill recommends installing 'ty' via 'uv tool install ty'. This introduces an external dependency from an untrusted source.
- PROMPT_INJECTION (LOW): The skill identifies a surface for indirect prompt injection (Category 8). It instructs the agent to read and process external Python files, which could contain malicious instructions. Evidence:
  1. Ingestion: Python source files.
  2. Boundary markers: Absent.
  3. Capability: Agent performs code analysis and generation based on provided patterns.
  4. Sanitization: Absent.