python-scripting

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | REMOTE_CODE_EXECUTION | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (LOW): The skill generates and executes Python scripts using 'uv run'. While this is the intended purpose, it enables the execution of generated logic on the host system.
  • External Downloads (LOW): The skill utilizes PEP 723 metadata to automatically download and install Python dependencies from PyPI.
  • Indirect Prompt Injection (LOW): The template populates code and dependency fields using placeholders, which is a surface for malicious input. Evidence:
    1. Ingestion points: '{{MAIN_LOGIC}}' and '{{DEPENDENCY_x}}' in 'uv-script.template.py'.
    2. Boundary markers: None.
    3. Capability inventory: File writing and command execution.
    4. Sanitization: None.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:03 PM