python-packaging
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS] (CRITICAL): The URLite scanner identified a blacklisted URL within the MANIFEST.in file. Manifest files are used during package installation, and the presence of a blacklisted domain suggests the skill is designed to fetch malicious scripts or binaries from known-bad infrastructure.
- [DATA_EXFILTRATION] (HIGH): The inclusion of malicious external domains in infrastructure files is a classic indicator of beaconing or data exfiltration, where the skill attempts to send environment metadata or sensitive host information to an attacker-controlled server.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata