uv
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing Python scripts and managing system packages using the 'uv' tool. These are standard operations for Python development environments and are intended for legitimate project management.
- [EXTERNAL_DOWNLOADS]: Instructions include methods for adding Python dependencies from remote package registries (like PyPI) or custom indices. The packages referenced in examples (requests, rich, httpx) are well-known and standard in the ecosystem.
- [PROMPT_INJECTION]: No instructions were found that attempt to bypass safety filters, override agent instructions, or extract system prompts.
- [DATA_EXFILTRATION]: There are no hardcoded credentials, sensitive file path accesses, or suspicious network exfiltration patterns identified in the provided documentation.
- [INDIRECT_PROMPT_INJECTION]: The skill provides a surface for processing data via script execution. The risk is consistent with standard development tools.
  - Ingestion points: Script files and stdin (scripts.md).
  - Boundary markers: Absent.
  - Capability inventory: Execution of arbitrary Python code via 'uv run'.
  - Sanitization: Absent.
Audit Metadata