python-env
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill promotes the dangerous 'curl | bash' anti-pattern for installing Poetry, uv, and pyenv. Evidence in SKILL.md: https://install.python-poetry.org piped to python3, https://astral.sh/uv/install.sh piped to sh, and https://pyenv.run piped to bash. These domains are not in the Trusted External Sources whitelist.
- COMMAND_EXECUTION (HIGH): Shell scripts and Python utilities execute system commands using variables derived from user input without sanitization. Evidence: scripts/venv-manager.sh interpolates $env_name directly into shell commands, and scripts/poetry-manager.py uses unvalidated package names in subprocess.run calls.
- PROMPT_INJECTION (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The skill ingests external content (package and environment names) and possesses high-privilege execute and write capabilities without boundary markers or sanitization logic (Evidence in scripts/venv-manager.sh and scripts/poetry-manager.py).
- EXTERNAL_DOWNLOADS (MEDIUM): Systematic reliance on external package registries (PyPI, Conda) for dependency management throughout SKILL.md and referenced guides without explicit version pinning or integrity verification in all examples.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://pyenv.run, https://install.python-poetry.org, https://astral.sh/uv/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata