python-package-management
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches installation scripts for the uv package manager from the official astral.sh domain.
- [REMOTE_CODE_EXECUTION]: Includes shell commands to pipe remote scripts from the well-known astral.sh domain directly into interpreters for installation.
- [COMMAND_EXECUTION]: Provides templates and commands for executing CLI tools like uv, pip, and ruff to manage the Python environment.
- [PROMPT_INJECTION]: Vulnerability surface for indirect prompt injection. Ingestion points: pyproject.toml, requirements.txt, and setup.py files are used to trigger and configure the skill. Boundary markers: No markers identified to separate untrusted file content from instructions. Capability inventory: Ability to execute subprocesses and network requests during package installation, syncing, or publishing operations. Sanitization: No explicit logic provided to sanitize or validate input from configuration files before tool execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata