architect-python-uv-batch

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes standard development tools including uv, python3, and docker for project initialization, dependency management, and validation. These commands are executed locally within the developer's environment as part of the intended project setup workflow.
  • [EXTERNAL_DOWNLOADS]: The skill configures the project to fetch standard Python packages from the official Python Package Index (PyPI) and uses a trusted base image from the GitHub Container Registry (ghcr.io/astral-sh/uv). All GitHub Actions specified in the CI configuration are from well-known providers.
  • [PROMPT_INJECTION]: The generated project structure creates an ingestion surface for external data (PDF files), which constitutes a potential indirect prompt injection vector if the data is later used in LLM prompts.
      • Ingestion points: The pdf_ingest.py script reads files from the data/inbox directory.
      • Boundary markers: The current template does not implement specific delimiters or instructions to ignore embedded commands in the extracted text.
      • Capability inventory: The generated code has capabilities for local file system I/O and environment variable access.
      • Sanitization: No content filtering or validation is performed on the extracted PDF text in the provided template logic.
  • [SAFE]: No malicious patterns such as obfuscation, persistence mechanisms, or hardcoded credentials were detected. The use of Pydantic for settings and .env files for configuration aligns with security best practices.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 09:06 PM