python-tooling
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to fetch the uv package manager's installer scripts (install.sh and install.ps1) from the astral.sh domain. Whatever that host serves at fetch time is what runs; nothing is checked against a known-good version.
- [REMOTE_CODE_EXECUTION]: The install instructions pipe the remotely fetched script straight into an interpreter (sh on Unix-like systems, PowerShell via iex on Windows), so it executes with the user's privileges without being saved, inspected or hash-pinned first. Evidence: curl -LsSf https://astral.sh/uv/install.sh | sh and irm https://astral.sh/uv/install.ps1 | iex.
- [COMMAND_EXECUTION]: The skill facilitates running development and profiling commands such as uv run, py-spy and pytest, i.e. arbitrary project code under the user's account. Evidence: use of the uv run, py-spy record and kernprof CLI tools.
- [PROMPT_INJECTION]: The skill defines auto-load triggers for common configuration files, so the contents of matching files in the working tree are pulled into the agent's context when a trigger fires. Text planted in those files (for example in a repository the user clones) can therefore steer the agent, and because the skill also executes subprocesses, injected instructions can become command execution. Ingestion points: SKILL.md (triggers for Dockerfile, *.yaml, *.yml). Boundary markers: absent. Capability inventory: subprocess execution of uv, python and docker. Sanitization: absent.
Recommendations
- HIGH: Downloads and executes remote code from https://astral.sh/uv/install.sh (and, on Windows, https://astral.sh/uv/install.ps1) - DO NOT USE without thorough review. At minimum, save the installer to a file, read it, record its hash, and run only the reviewed copy instead of piping the download into sh or iex.
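The following is an added example illustrating the review step above; it is not code from the audited skill or from the uv project. It replaces the curl-pipe-sh pattern with a download, review, pin, run sequence: the script is written to disk, a human reads it, its sha256 is recorded, and execution happens only if the file on disk still matches the recorded hash. The pinned hash value is an assumption the operator supplies after review (no published checksum is claimed here), the fetch helper uses the URL quoted in the finding and is not executed in the offline demonstration, and the "installer" the demonstration runs is a constructed stand-in, not uv's install.sh.

```sh
#!/bin/sh
# Added example for the REMOTE_CODE_EXECUTION finding; not code from the
# audited skill or from uv. Replaces "curl ... | sh" with a
# download -> review -> pin -> run sequence.
# ASSUMPTIONS: the pinned sha256 is recorded by the operator after reading the
# downloaded file; the fetch helper is shown for completeness and not run here.
set -eu

# Portable sha256 of a file (coreutils sha256sum, or shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Step 1: save the installer to disk instead of piping it into sh.
# Example (network step; not executed in this demonstration):
#   fetch_installer https://astral.sh/uv/install.sh ./uv-install.sh
fetch_installer() {
    curl -LsSf --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# Step 2: read ./uv-install.sh, then record its hash:  sha256_of ./uv-install.sh

# Step 3: execute only if the file still matches the reviewed hash.
# Returns 0 after running the script, 1 if the hash differs (nothing executed).
run_if_pinned() {
    script="$1"
    expected="$2"
    actual="$(sha256_of "$script")"
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $script: sha256 $actual != pinned $expected" >&2
        return 1
    fi
    sh "$script"
}

# --- constructed offline demonstration (a stand-in, not uv's installer) ---
make_stub_installer() {
    # Writes a harmless script that records that it ran; prints the temp dir.
    d="$(mktemp -d)"
    printf '#!/bin/sh\ntouch "%s/marker"\n' "$d" > "$d/install.sh"
    printf '%s\n' "$d"
}

# Returns 0 when the reviewed-and-pinned script is allowed to run.
demo_pinned_runs() {
    d="$(make_stub_installer)"
    pin="$(sha256_of "$d/install.sh")"          # operator pins after review
    run_if_pinned "$d/install.sh" "$pin" && [ -f "$d/marker" ]
}

# Returns 0 when a script changed after pinning is refused and nothing ran.
demo_tampered_blocked() {
    d="$(make_stub_installer)"
    pin="$(sha256_of "$d/install.sh")"
    printf 'touch "%s/tampered"\n' "$d" >> "$d/install.sh"   # served content changed
    if run_if_pinned "$d/install.sh" "$pin" 2>/dev/null; then
        return 1                                 # should have been refused
    fi
    [ ! -f "$d/marker" ] && [ ! -f "$d/tampered" ]
}
```

The pin gives tamper-evidence for every run after a human has actually read the script; it does not vouch for what astral.sh served on the first download, and it must be refreshed, with another review, whenever the installer legitimately changes. The same sequence applies to the Windows path: save the script with Invoke-WebRequest, read it, compare Get-FileHash against the recorded value, and only then invoke it, rather than using irm | iex.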
Audit Metadata